Phishing campaign uses mathematical symbols to evade detection

Phishing actors now use mathematical symbols in spoofed company logos to evade detection by anti-phishing systems.

One notable case spotted by INKY analysts involves the impersonation of Verizon, a major US-based telecommunications service provider.

In this case, the actors use a square root symbol, a logical NOR operator, or the check mark symbol itself, each creating a slight visual difference that could fool AI-based spam detectors.

Phishing message using the square root symbol in the Verizon logo
Source: INKY

However, for many people who aren’t keeping up with the latest logo changes, these slightly edited logos look good enough, so delivery success and user engagement rates are more likely to stay high.

You have a fake voicemail

All three variants of the impersonation masquerade as voicemail notifications containing an embedded ‘play’ button that, when clicked, directs the user to a phishing portal designed to resemble a Verizon website.

The landing domain is clearly not part of Verizon’s official web space, with an example given in the report being sd9-08[.]click.

Cloned Verizon site used as campaign phishing page
Source: INKY

The actors are betting on the target's carelessness; otherwise, the spoofed site looks convincing enough. Additionally, INKY discovered that this phishing campaign relied on recently registered domains that had not been reported.

The logo on the cloned site is the real one, as the phishers stole most of the HTML and CSS from the real Verizon site.

Scrolling through the fake page, the visitor will find the alleged voicemail message, but they are only allowed to access it if they provide their Office365 account credentials on the login form.

The first attempt will return an “incorrect password” message, while the second attempt will generate a fake error that terminates the login procedure.

The phishers do this to make sure the victim hasn’t mistyped their password on the first attempt, so it’s basically a “quality assurance” step.

Fake error message generated after victim entered their credentials twice on the phishing site
Source: INKY

When you receive emails of this type, careful scrutiny is what keeps you from falling victim to these scams. Never click on the embedded buttons, always validate the URL of the site you are about to enter credentials on, and finally, consider how realistic the situation is.

In this case, a message from Verizon urges the recipients to enter their Office365 credentials, which does not make sense in this situation. If the content of an email doesn’t make sense for some reason, it’s usually phishing, and the email should be treated as spam.
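
As an added example (not code from INKY or from the original article), a mail filter can combine the two signals described above: a brand name followed by a mathematical or check mark symbol in the message text, and links that leave the brand's domain. The `verizon.com` suffix, the helper names and the sample message are assumptions made for this sketch.

```python
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "verizon"                   # brand named in the article
OFFICIAL_SUFFIX = "verizon.com"     # assumption: the brand's legitimate web space
CHECK_MARKS = {"\u2713", "\u2714"}  # check mark, heavy check mark

class _Extract(HTMLParser):
    """Collect visible text and link targets from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.hrefs = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def text_logo_symbols(text, brand=BRAND):
    """Unicode names of non-ASCII symbols placed right after the brand name."""
    hits = []
    for m in re.finditer(re.escape(brand) + r"\s*(\S)", text, re.IGNORECASE):
        ch = m.group(1)
        # Category Sm covers math operators such as SQUARE ROOT and NOR.
        is_math = ord(ch) > 127 and unicodedata.category(ch) == "Sm"
        if is_math or ch in CHECK_MARKS:
            hits.append(unicodedata.name(ch, "UNKNOWN"))
    return hits

def off_brand_hosts(hrefs, suffix=OFFICIAL_SUFFIX):
    """Link hosts that are neither the official domain nor a subdomain of it."""
    hosts = {(urlsplit(h).hostname or "").lower() for h in hrefs}
    return sorted(h for h in hosts
                  if h and h != suffix and not h.endswith("." + suffix))

def score_message(html):
    """Flag mail that shows a symbol-built brand logo and links off-brand."""
    p = _Extract()
    p.feed(html)
    symbols = text_logo_symbols(" ".join(p.text))
    hosts = off_brand_hosts(p.hrefs)
    return {"symbols": symbols, "off_brand_hosts": hosts,
            "suspicious": bool(symbols and hosts)}

# Constructed sample: text logo with a square root sign, link to a placeholder host.
SAMPLE = ('<b>verizon</b><span>\u221a</span><p>You have a new voicemail</p>'
          '<a href="https://voicemail.example.test/play">Play</a>')
print(score_message(SAMPLE))
```

The suffix comparison treats a host such as `verizon.com.evil.example` as off-brand, because only the official domain and its subdomains pass.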
