Cyber criminals using a new trick to lure their victims. Some phishing actors are observed using mathematical symbols on impersonated business logos to avoid detection by anti-phishing systems.

Bypasses detection

The attackers have used three mathematical symbols for spoofing the Verizon logo. This includes a logical NOR operator, a checkmark symbol, or a square root symbol. The use of these symbols created a minor optical difference to fool AI-based spam detectors.

  • The spoofed messages pretend to be a voicemail notification with an embedded Play button. Once clicked, the user is led to a phishing portal created to impersonate the Verizon website.
  • The landing domain (sd9-08[.]click) is not related to Verizon’s official webspace.
  • The phishing campaign is using recently registered and unreported domains and the spoofed site looks very convincing. 
  • The logo on the fake page is original, as the attackers stole several HTML and CSS code elements from the official Verizon site.

Persuasion

Attackers used some additional workflows to convenience the victims.

  • On the fake page, a targeted user finds an alleged voicemail. Users are asked to provide their Office 365 account credentials to proceed further with the voicemail.
  • The first login attempt shows an incorrect password message, while the second attempt shows a bogus error that stops the login process.
  • This fake error step is added by the attacker to make sure the password is entered correctly or not mistyped by the users.

Cybercriminals often surprise security teams with their simple yet innovative tactics. The recent campaign has shown that users can be fooled if they do not pay attention to minute details. Users should be in alert while opening emails from unknown senders and to never open links or attachments inside them.