Phishing campaign uses math symbol to imitate Verizon logo

Verizon sign on the side of a building
(Image credit: Shutterstock)

Security researchers have discovered a new phishing campaign that uses a math symbol in the Verizon logo to fool victims.

Researchers found the campaign impersonating Verizon in dozens of fake emails sent from various Gmail addresses in the first half of September. Instead of using a V symbol at the end of the logo, phishers used either a square root symbol, a logical NOR operator, or the check mark symbol.

All three types masqueraded as voicemail notifications. Verizon does provide voicemail services, including notifications, according to researchers at Inky.

Researchers said even though corporations have huge marketing budgets to spend on logo design, people are terrible at remembering them. This works for criminals who can deceive their victims with made-up logos that look about right.

Researchers said that while the graphics were off, they did the job. Another thing that helped phishers was that Verizon had changed its logo a couple of times since Bell Atlantic Corporation was renamed Verizon in 2000.

Regardless of the symbol used, each email had a malicious link to a credential-harvesting site that targeted Microsoft Office 365 users. All three types masqueraded as voicemail notifications. Verizon does provide voicemail services, including notifications.

“Clicking on the button (black or red, depending on the version) prominently displaying the text “Play >” (made up of the word plus a close-angle-bracket character) led to a site that appeared to be Verizon's, but was in fact a malicious impersonation,” said researchers.

They added that phishers could easily steal separate HTML and CSS elements from Verizon’s real site to put together a custom job that included a correct version of the logo.

Researchers said the criminals had created and registered the fake site via Namecheap barely a month ago, according to a WHOIS lookup. Namecheap has since taken the site down, and it now has an “NXDOMAIN” status, meaning it no longer exists, they added.

At the bottom of the fake page it invited targets to “play, listen, or download” their voicemail with Office365 credentials. Using the red “Authenticate with Office365” button led to a fake Microsoft log in dialog box.

RELATED RESOURCE

How to reduce the risk of phishing and ransomware

Top security concerns and tips for mitigation

FREE DOWNLOAD

When researchers attempted to log in to the fake site, they received a response saying the password was incorrect. The second attempt elicited a bogus error message. However, the site harvested credentials on the back end both times.

“This pattern, the double ask, is fairly common. It’s not entirely clear what the phishers are up to, but it's possible that they want the victim to confirm the correctness of the data, or that they hope the victim will try a different account, yielding them two sets of credentials for the price of one,” researchers warned.

Researchers advised users to be suspicious of voicemail notifications coming from Gmail or other free email providers such as Yahoo, AOL, or Hotmail. “They should also distrust emails that claim to be from Verizon but come from a Gmail sender,” they added.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.