Email scams may fool users into clicking malicious links

Many workers are used to taking care of personal chores, such as paying their bills online, during work breaks or lunch time, using company computers or their BYOD devices. They may rely on email notifications from the businesses with which you do business, to remind them it’s time to pay. They’re used to getting those notices every month, and it’s easy and convenient to click the link to go to the bill pay page.

However, scammers take advantage of this and send fake notifications such as the two in the screenshots below, that look a lot like the real thing at first glance. The first one purports to be from AT&T.


Just in case AT&T isn’t your cell phone provider, the scammer also sent one that claims to be from Verizon:

Of course, if you look closely, you’ll notice a few clues that all is not as it seems. I glanced at the Verizon “bill” first, since Verizon is my provider and it really is about that time, and AccountNotify@Verizon.com really is the address from which legit notifications come. However, right off the bat my reaction was “What’s up with this?” because my monthly bill is normally a much larger number than $45.34. That led me to look more closely and of course, the email address was a dead giveaway. It was also an indication that this particular scammer isn’t very smart. Who’s going to think the IRS is sending out cell phone bills now?

If you hover over the links in what are by this time obviously phishing messages, you see that they go not to AT&T and Verizon sites, but to sites outside the country (the .br top level domain in the first one is in Brazil and the .at domain in the second is in Austria). You would have thought they would have used the .at domain for the “AT&T” message, which might have at least fooled a few people.

Of course I didn’t click those links, but my guess is that they take the user to web pages designed to look like the wireless companies’ pages and ask them to enter their user names, passwords and credit card info to be used for identity theft. If this is a particular nasty scam, those pages might also download malicious software to the computer, which could then infect the company network. So be sure to make your users aware of this one, even if they’ve already had more generalized training in avoiding phishing attempts.

Deb Shinder

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Share
Published by
Deb Shinder

Recent Posts

Azure Charts: If you’re not using this cool feature, you should be

This Azure Quick Tip shows you how to use Azure Charts, a great resource that…

2 hours ago

What to do after you migrate your virtual machines to the cloud

There are countless reference works available online (including many that I have written myself) that…

5 hours ago

Review: Identity verification solution Specops Secure Service Desk

Specops Secure Service Desk is an innovative solution for positively identifying a user who calls…

23 hours ago

Apple Silicon: What it means for the world of personal computing

Apple is moving away from Intel processors to use its own Apple Silicon processors to…

1 day ago

RAID 0 vs. RAID 1: When to use each level and why

Two of the most popular RAID levels for improving performance are RAID 0 and RAID…

1 day ago

Got cybersecurity tools? Good. Got too many? That may be a problem

Strength in numbers may not apply to cybersecurity tools. In fact, using too many tools…

2 days ago