What is the threat?
A phishing campaign has been discovered in the wild targeting Verizon customers. This phishing campaign is mimicking Verizon customer support and trying to get information about customers’ Verizon accounts to gain access. The phishing emails ask users to verify/update their account information such as full name, phone number, UserID, password and security questions which will enable the attackers to take over the account fully.
Why is this noteworthy?
The link used in the phishing emails contain the abbreviation ‘ecrm,’ which is used by Verizon as a sub-domain – ecrm.verizonwireless[.]com – for its Electronic Customer Relationship Management platform. The phishing domains look legitimate when viewed on your mobile but appear suspicious when viewed on desktop screens. Since majority of the people today use their mobiles and mobile apps, this could easily fool the receiver into sending their login credentials to the attacker.
What is the exposure or risk?
This phishing campaign seems to be a consumer fraud attack for Netflix accounts, rather than targeted attacks for corporate credentials or business data. Once the attacker has the login credentials, they can assess the user. If the user is an executive, they can get access to more than just a Netflix account. Access to a mobile phone account can be used to launch business email compromises, fraudulent wire transfers, or even ransomware.
What can you do?
Verizon Online has been made aware of this phishing scam targeting Verizon customers and they have published an announcement on their support page urging customers to delete any emails that ask for information regarding their accounts confirming that – “Verizon will never ask for personal or account information by email.”
- Deleting any email from Verizon that asks you to submit any information regarding your account or asks you to click a link to reset passwords or verify your email and account information.
- Not providing any of the data requested in the email on any websites.
- Not opening any links or interacting with the email before deleting it.
- If you think an email is legitimate, we recommend verifying it by calling Verizon’s customer service.
SKOUT also recommends deploying our Email Protection as a service. SkOUT’s email protection service combines multiple scanning techniques to immediately spot phishing, fraud, spam, brand impersonation, malicious and unwanted emails, and visually classifies the email into three categories:
- External – email is not malicious or spam. (Grey)
- Caution – email may be a phishing attempt, spam, or other malicious behavior. Reasons for warning are clearly displayed. (Yellow)
- Danger – email is malicious, spam or other dangerous email. Users should not interact with this email and it is automatically moved to the junk or spam folder. (Red)
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Secure Intelligence Center.