Make sure to double-check that Verizon email, as customers of the nation's second largest cellular company are getting scammed.
Verizon customers are receiving dubious emails telling them that their bill is due and more than likely the bill is of a greater amount than their normal monthly bill. The higher than normal amount is tempting for victims to click on the bill to see just what's going on. When users click on any link in the email their computers are then under attack from what's known as a "Blackhole exploit kit, a web application that bombards your browser with malicious code that attempts to assume control and download malware."
The newest version of a well-known password stealer, Trojan.Zbot monitors your web browsing traffic looking for any username / password pairs, particularly ones associated with online banking, and quietly passes them back to a command and control center via a distributed peer-to-peer network.
HyphenNet.com has a full write-up about the attacks and offers these suggestions on how to spot the fake Verizon emails
- In legitimate Verizon Wireless bill notification emails, the first line of the email will read, “Your current bill for your account ending in XXXX-XXXXX is now available online in My Verizon.” Meanwhile, the fake emails will simply say, “Your current bill for your account is now available online in My Verizon.”
- The balance due will differ greatly from what you typically pay. So if you usually pay $100/month and suddenly receive an email saying you owe $500, yet you haven’t done anything different during the billing cycle to warrant such charges, then something is up – and the problem may not necessarily be with your account, but the email you’re looking at.
- By hovering over the links, you notice that they point to a third-party website that obviously doesn’t belong to Verizon Wireless. The links in the spam message received by Barracuda Labs was “hxxp://trauma.co.id/XXXXXX/index.html” – which is clearly not affiliated with Verizon Wireless. It is important to note that it’s likely multiple URLs are being used.
Another thing to look out for, not just in this case, are scammers using subdomains and setting up fake looking websites. An example would be, www.REALWEBSITE.com.SCAMSITE.com/WHATEVER -notice the second .com? That would be the real .com. Websites can set up what's called subdomains, just like how TheDigitel Myrtle Beach is set up -www.myrtlebeach.thedigitel.com - TheDigitel.com is the real domain. So scammers can use any string of words before their actual domain name.
Attacks like this are nothing new, not for Verizon or any of the major cellular carriers. And you might notice the subdomain scam in many of the SPAM links on Facebook that oh so many people click on and then auto-share.
Have you fallen victim to this newest Verizon billing scam? If so, leave us a comment below.