SECURITY
SECURITY
SECURITY
Sneaky new phishing campaign uses a math symbol in the Verizon logo
Researchers at Inky Technology Corp. have uncovered a sneaky new phishing campaign that involves the use of a math symbol in the Verizon logo.
The Verizon impersonation campaign, revealed today, was spotted in dozens of fake emails sent from various Gmail addresses during a two-week period between Sept. 1 and Sept. 13. Instead of using the “V” symbol at the end of the Verizon logo, the common theme was using close alternatives such as a stylized square root/radical symbol that has a passing resemblance to the proper Verizon logo.
The researchers explain that despite the money major brands spend on logo design, people often forget them. That plays into the hands of phishers, who can deceive their victims with made-up logos that look about right. The graphics may be off, but they do the job. It’s also noted that Verizon has changed its logo a couple of times since Bell Atlantic Corp. was renamed Verizon in 2000.
The attack flow phishing emails used three variations on the Verizon logo: the stylized square root, a logical NOR operator and the checkmark symbol itself but in a different location. Each email had a malicious link to a credential harvesting site that targeted Microsoft Corp. Office 365 users.
All three types masqueraded as voicemail notifications. Verizon provides voicemail services, including notifications, via email, playing into the potential to deceive potential victims. The phishers also stole separate HTML and CSS elements from Verizon’s real site to create a custom job that sometimes included a correct version of the logo.
Upon clicking on the malicious link, those targeted were taken to a fake site that asked them to enter their Microsoft credentials.
The phishers are said to have sent the phishing emails from Gmail accounts because they could pass standard email authentication such as SPF, DKIM and DMARC. Since the malicious link was brand-new and presented no zero-day vulnerabilities, the emails were not picked up by legacy anti-phishing tools.
Email recipients are being advised to be suspicious of voicemail notifications coming from Gmail or other free email providers such as Yahoo, AOL or Hotmail. They should also distrust emails that claim to be from Verizon but come from a Gmail sender.
Images: Verizon/Inky
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
