Malicious actors are targeting Verizon customers in a mobile phishing scam. This latest phishing kit targets customers located in the U.S. Attackers took time and effort to learn about Verizon’s infrastructure to relentlessly launch their attack against customers.
Researchers at Lookout discovered the attack last November and are calling this a ‘sophisticated, mobile-first’. Their Phishing AI found that the kit creates phishing sites on mobile devices running by Verizon. Further, the attackers conducted immense research and had knowledge about Verizon’s infrastructure, which they took advantage of and exploited their attack.
The phishing kit sends malicious links to users that resemble Verizon Customer Support. Within the last three-month researchers found three different campaigns targeting the Verizon Electronic Customer Relationship Management (ECRM) servers used as part of phishing sites. Additionally, Lookout identified 51 Verizon customer phishing domains registered in the last 90 days.
Further, Verizon has been notified of the phishing kit an have released a statement. They warn customers to never click on any links, open attachments, respond to emails, and give any data to web sites. Verizon has also released a list of potential emails that attackers may send.
They have further stated:
“Verizon Online has been made aware of a new phishing scam targeting Verizon customers. This scam attempts to lure customers to a fraudulent web site to input personal information and/or download virus infected programs.
Verizon will never ask for personal or account information by email.”
Attackers are targeting mobile devices more frequently because our devices hold a lot of personal information. Anyone who fall victims to these attacks are at risk for theft of address, usernames, credit card numbers, bank account numbers, and identity theft.
Principal Security Researcher at Lookout, Jeremy Richards commented on this issue saying:
“Attacks that target mobile devices have emerged as an effective attack vector in the era of post-perimeter security since many mobile devices lack traditional security–and I expect we will continue to see these attacks increase alongside mobile device usage.”
Contact LIFARS to conduct Phishing Attack Simulations in your organization