A new phishing campaign is targeting executives in an attempt to steal bank account details and login credentials by posing as their mobile service provider. The attacks were uncovered by Cofense, a cybersecurity company.
According to Cofense, the emails are designed with branding made to appear as if they come from EE, the largest telecommunications and internet service provider in the U.K. The emails include a message that says that the company is fixing an unspecified problem, prompting the user to login to their account and have their details updated. At no point does the email give an indication of what this error is.
Cybersecurity experts never fail to warn users of the threat of phishing attacks, but many people still fall for these scams for the look of the message alone -- from how the logo is copied to the color themes of the company.
In this particular attack, the email does look like it comes from EE, but a closer look reveals that the email address has nothing to do with the company. Moreover, the domain is a dead giveaway too.
The email asks users to click on a very long and weird URL, specifically, this: hXXps://fly-guyz[.]com/ee[.]co[.]uk[.]edcnymdsqmnydqnyo, which is obviously an indication that it's not something from EE. But some victims fail to notice these signs and click the link anyway, which takes them to a spoofed login page that looks exactly like the real thing. It's also quite alarming that the spoofed page comes complete with a trusted HTTPS protocol and SSL certificate.
Users who end up entering their usernames and passwords are now victims of a successful spear-phishing attack -- they've handed down their login credentials freely. Victims are then taken to another page that asks them for their bank details, including their card number, CVV, and the date of expiration. Cofense says the phishing page is still active, which means attacks are still ongoing.
What's unfortunate is that spoofed domains aren't new at all, and yet they remain a successful means of attack. Users are advised to be wary of emails that claim to be from the company they have a deal or subscription with, especially if the message demands immediate action. More so, if the action involves having to click a link or downloading something from a URL that's vague or unreadable.
To be safe, call your service provider first about any announcements they may have. Always confirm if they've sent an email to determine its authenticity.
