No matter how confident you are that you won’t get fooled by an online scam, you can never be too careful when opening texts and emails from unknown senders. That’s doubly true for Verizon customers right now, as a new phishing campaign targeting the carrier’s subscribers is currently making the rounds, as noted by cybersecurity firm Fortra.
According to Fortra (via FOX59 News), the proprietors of this campaign have been sending out emails that look legitimate at first glance. In fact, these emails are managing to skirt spam filters and reach our inboxes by using the private email address maker 33mail.com to hide the actual email address of the sender. Here’s what you should be looking out for:
- Sender’s Email: member@surveymonkeyuser.com
- Reply-to Address: ms365@verizservus.33mail.com
- Sender’s Name: ms365@veriservus.33mail.com
- Sender’s Website: surveymonkeyuser.com
- Redirect: hxxps[://]sites[.]google[.]com/view/vrz39289289823/home
The sender’s name doesn’t match its email address, which is the first sign that something fishy is probably going on. If you open the email, you’ll see a message about an invoice with a weird link that appears to redirect to a Prezi presentation.
If you click on the link (which you absolutely should not do), you’ll end up on a page hosted on Google Sites that attempts to mimic an Office 365 sign-in page for Verizon. At this point, you’ve likely caught on, but if you enter your Office 365 (which is now Microsoft 365) login details, they will presumably be sent directly to the bad actor behind the scam.
All in all, it’s not an especially convincing phishing scam, but at least now you’re equipped with the knowledge of its existence. If you weren’t already, ignore any and all emails from unfamiliar senders, especially if the sender’s name is as ludicrous as “ms365@veriservus.33mail.com.” I don’t want any of you to get hacked by such a lazy scammer.