Don’t Trust Those Emails from Your Phone Providers
In this age of ransomware and Emotet botnets, old-fashioned spear phishing seemed to have faded into the background. But it is back in the news, this time targeting company executives with fake phone provider emails. If you’re a decision maker at your organization, or hold the strings to the proverbial company treasure, we suggest you read this blog before you rush to respond to that mobile phone provider’s email.
The Bedrock of Spear Phishing: Relying on Panic
Phones are ubiquitous now. They have almost become a natural extension of our bodies. While the young use them for self-expression and keeping up with trends, those in the corporate world use them to make long-lasting business decisions. Collaboration tools like Microsoft Teams are now available on phones, not to mention corporate mailboxes. So it would be understandable if you flew into a mild panic on receiving an email from your phone provider with a vague subject line indicating that there has been a problem. Before we discuss this case study further, let us first understand a little about spear phishing.
Spear phishing is a form of cyberattack in which the threat actor tries to spread malware via targeted emails. It takes its name from the pointed nature of an actual spear. Like the weapon, the attack is aimed specifically at the victim, with emails that are personalized and researched with respect to the victim’s nature. The subject line and body of the email are tailored, and the attack has a high rate of success because it scares the intended victim easily. Panic is often the underlying mindset that spear phishers rely on, but sometimes it could also be excitement (as demonstrated in our blog on award scams).
The Phone Provider Phishing Scam
It was Cofense security that uncovered this scam. It comes in the form of phishing emails with not-so-clear subject lines that indicate a problem with your bill. The email apparently originates from your phone provider.
The email body reports an issue with the phone network. To avoid trouble, the recipient is told to log in to a linked website and fill in their credentials. The thing to watch out for here is the ‘from’ section of the email, which displays the phone provider’s name but underneath does not contain a company email address at all. Another obvious warning sign is the actual URL of the supposed ‘login portal’. It is unusually lengthy, and has words like ‘fly-guyz’ which are not only unprofessional, but also totally irrelevant to the problem as presented by the phone company.
If a casual viewer does click on the fraudulent link, they arrive on a dummy page. The page has been dressed up to look legitimate, and is complete with an SSL certificate (https). At first glance, the page appears as though it does belong to the phone provider. Only on careful scrutiny of the URL does one come to know that it is fake.
Suppose a person fails to notice all the tell-tale signs. The website prompts the user to fill out their email and password on a spoofed form. This is a classic case of credential theft, and the criminals now have an ID-password pair which they can exploit later. After ‘login’, the website directs the user to yet another page where they need to input all their sensitive banking details. It is fertile ground for the cyber criminals. If someone does fill out the form, the criminals have everything they need for fake transactions on your hard-earned money.
Things to do
At a personal level
Be wary of all emails that urge you to take immediate action. As the saying goes, the sky won’t fall if you take your time. Check with your phone provider, through their toll-free customer care number, or via other authentic channels.
Also, always look for errors in the ‘from’ sections of such emails, and in the URLs underneath the links. Most of the time, you are alerted to a scam right then and there.
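The two checks described above (the address behind the ‘from’ display name, and the host and length of the linked URL) can also be automated at the mail gateway. The following is an added example, not code from Cofense or Logix; the brand-to-domain map, the 75-character length threshold and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the defender maintains this map of brand name -> legitimate domains.
BRAND_DOMAINS = {"examplemobile": {"examplemobile.example"}}
MAX_URL_LEN = 75  # assumed cut-off for an "unusually lengthy" link

# Constructed sample message (all names and domains are placeholders).
SAMPLE = """\
From: "Example Mobile Billing" <notice@mail-alerts.example>
To: cfo@corp.example
Subject: Problem with your bill

There is an issue with your account. Log in here:
https://login.unrelated-host.example/examplemobile/account/verify/session/0000000000000000/continue
"""

def _in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    """Return a list of warning strings for a single-part plain-text email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    # Normalise the display name so "Example Mobile" matches "examplemobile".
    key = re.sub(r"[^a-z0-9]", "", display.lower())
    brands = [b for b in BRAND_DOMAINS if b in key]
    sender_domain = addr.rpartition("@")[2]
    findings = []
    for b in brands:
        if not _in_domains(sender_domain, BRAND_DOMAINS[b]):
            findings.append(f"display name claims {b}, sender domain is {sender_domain}")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname
        # The https scheme is deliberately ignored: a certificate proves nothing here.
        for b in brands:
            if not _in_domains(host, BRAND_DOMAINS[b]):
                findings.append(f"link host {host} is not a {b} domain")
        if len(url) > MAX_URL_LEN:
            findings.append(f"unusually long URL ({len(url)} characters)")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARNING:", finding)
```
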
Looking to partner up with a security firm?
We are ready at your service. At Logix, our professional team has gone through countless such cases, and they know how to tweak our products just right. Our offerings stand their ground in the face of modern threats. Our Email ATP service accurately detects email-borne threats such as Ransomware, BEC, Domain Spoofing, Advanced Malware, Spear Phishing & Display Name Spoofing. Leave the security concerns to us, and you are free to focus all your energies on your business!