Cybercriminals have designed yet another new ruse to entice their victims. To escape detection by anti-phishing systems, some phishing actors have been spotted utilising mathematical symbols on impersonated corporate logos.
For impersonating the Verizon logo, the attackers utilised three mathematical symbols. A logical NOR operator, a check mark sign, or a square root symbol are examples of this. The usage of these symbols resulted in a slight visual change, which was used to mislead AI-based spam detectors.
- The fake messages seem to be a voicemail notification with a Play button attached. When the user clicks, they are sent to a phishing gateway designed to seem like the Verizon website.
- Notably, the landing domain (sd9-08[.]click) has nothing to do with Verizon’s official website.
- The phishing effort makes use of newly registered and unregistered domains, and the faked site appears to be quite convincing.
- Furthermore, the logo on the bogus page is genuine, since the attackers took many HTML and CSS code elements from the real Verizon website.
In addition to constructing a plausible fake website, attackers utilised several extra procedures to make life easier for the victims.
- A targeted user discovers a supposed voicemail on the bogus page. To continue with the voicemail, users must provide their Office 365 account credentials.
- The first login attempt displays an invalid password message, while the second attempt displays an erroneous error message that terminates the login process.
- The attacker includes this bogus error phase to ensure that the password is input accurately and is not mistyped by the users.
Cybercriminals frequently astound security professionals with their simple yet inventive techniques. The latest campaign shown that people may be duped if they do not pay attention to the smallest things. As a result, experts warn users to be cautious when reading emails from unknown senders and to never accept links or files included inside them.