Phishing actors have devised a new form of scam that uses mathematical symbols. They use these symbols to impersonate company brands and logos and to evade anti-phishing detection systems.
A notable instance of this method, spotted by an analyst group, involves the impersonation of Verizon, a multi-million US-based telecommunication service provider.
In this case, the phishing threat actors use the square root symbol (√) or the checkmark symbol in place of the letter V of the Verizon brand, creating an optical illusion that could trick AI anti-phishing detectors.
These near-identical logos can be good enough for individuals who are not up to date with logo changes, so the phishing scam's success rate may be higher than usual.
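One way a mail filter can catch the symbol substitution described above, shown as an added example rather than code from the analysts or any vendor: fold lookalike symbols back to letters and flag a brand name that only matches after folding. The watchlist, the extra symbol variants and the sample subject lines are assumptions constructed for illustration.

```python
import unicodedata

# Symbols that can visually stand in for a Latin letter. The square root and
# check mark come from the Verizon case; the other entries are assumptions.
LOOKALIKES = {
    "\u221a": "v",  # √ square root
    "\u2713": "v",  # ✓ check mark
    "\u2714": "v",  # ✔ heavy check mark (assumed variant)
    "\u2228": "v",  # ∨ logical or (assumed variant)
}
WATCHLIST = ("verizon",)  # assumed brand watchlist


def find_symbol_spoofs(text, brands=WATCHLIST):
    """Return (brand, as_written) pairs where a brand name only matches
    after lookalike symbols are folded back to letters."""
    norm = unicodedata.normalize("NFKC", text).lower()
    # One-to-one character mapping, so indexes in `folded` line up with `norm`.
    folded = "".join(LOOKALIKES.get(ch, ch) for ch in norm)
    hits = []
    for brand in brands:
        start = folded.find(brand)
        while start != -1:
            written = norm[start:start + len(brand)]
            if written != brand:  # a symbol replaced at least one letter
                hits.append((brand, written))
            start = folded.find(brand, start + 1)
    return hits


# Constructed sample subject lines, not taken from a real campaign.
SAMPLES = [
    "\u221aerizon: you have 1 new voicemail",
    "Verizon billing statement is ready",
    "New voicemail from \u2713erizon Wireless",
    "Solve \u221a16 before the meeting",
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(find_symbol_spoofs(subject) or "clean", "|", subject)
```

A correctly spelled brand name and an ordinary use of √ in a maths expression both pass as clean; only a brand that appears through a substituted symbol is reported.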
How does this phishing campaign operate?
These spoofed emails disguise themselves as voicemail notifications that contain an embedded ‘Play’ button which, if clicked, takes the unaware user to a phishing website designed to look like a Verizon website. The destination domain is undoubtedly not a part of Verizon’s official webspace, but it can be compelling to unaware individuals, especially the elderly.
Furthermore, the phishing actors rely upon the victim’s carelessness because the impersonated site looks very convincing. The analysts have also found that the phishing campaign bets on recently registered domains that have not been reported.
Navigating the fake page, the visitor will come across an alleged voicemail, but can only access it by logging in with their Office365 account credentials on the sign-in form.
The first login attempt will undoubtedly result in an ‘incorrect password’ message. The second attempt assures the actors that the target victim has not mistyped any of their credentials, especially passwords. The phishing actors do this to ensure the success of their scam.
How to avoid these kinds of phishing scams?
If you ever encounter an email like this, proper inspection is essential to avoid falling for these kinds of phishing scams. Remember never to click embedded buttons, and validate the URL of the site you are about to access before entering any critical credentials.
Lastly, if the contents of an email that reaches your inbox do not make any sense, it is most probably a phishing email that needs to be deleted.