Companies do not require personal data via email

Oct 21, 2014 00:49 GMT  ·  By
Origin of the attackers is unknown, but the phishing page is hosted in Atlanta, Georgia

Cybercriminals can turn almost any sort of personal information into a quick buck, and lately they have turned their attention to customers of the UK telecommunications company BT.

The phishing email they send follows the classic pattern: it informs the potential victim that an issue has been detected and that the customer needs to log into their account and provide the input needed to solve the problem.

Fake login page is hosted in the US

A link provided in the fraudulent message is supposed to direct users to the login page of the service provider. However, the page is a fake and all the data entered in the text boxes is automatically sent to the cybercriminals.

With this information in hand, they can access sensitive information about the victim in order to conduct future attacks on them.

MillerSmiles analyzed a sample of the nefarious message and determined that the fake log-in page is hosted on a server in Atlanta, Georgia.

In order to increase the success of the scam, the crooks create a sense that the potential victim needs to act urgently. The phishing email claiming to come from BT is no exception: it warns that if the instructions are not followed, the recipient will end up with a suspended or de-activated account.

Always check for an encrypted connection on a login page

Phishing websites have a short lifespan, as they are quickly picked up by automated systems and flagged to web browsers. As a result, browsers often restrict access to dangerous online areas, informing users of the risk of proceeding.

However, until the protection mechanisms are deployed, phishing pages sometimes have a window of several hours to lure in as many victims as possible and harvest their credentials.

Users are advised not to access URLs provided in suspicious emails and to enter the address manually in the web browser instead. Also, when landing on a login page, it is recommended to check the type of connection. All major online services have implemented secure transmission of data, which cannot be defeated easily by run-of-the-mill cybercrooks.

Generally, the HTTPS protocol is used and there is a green padlock to mark that the connection to the server is encrypted.
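The checks described above (where a link really leads, whether it uses HTTPS, and whether the message threatens suspension) can be automated for mail triage. The following is an added example, not part of the original article; the sample email is constructed, and the trusted domain `bt.com` (taken from BT's reporting address), the keyword list and the finding codes are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "bt.com"  # assumption: domain of BT's abuse-reporting address
URGENCY = re.compile(r"suspend|de-?activat", re.I)  # assumed keywords, from the threat described

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_trusted_domain(host):
    # Exact match or a true subdomain; "bt.com.login.example.net" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def triage(html_body):
    """Return sorted finding codes for one HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = set()
    for href, text in parser.links:
        url = urlsplit(href)
        if url.scheme != "https":
            findings.add("link-not-https")
        if not on_trusted_domain(url.hostname):
            findings.add("link-off-domain")
            if TRUSTED in text.lower():  # visible text names the brand, target does not
                findings.add("anchor-text-mismatch")
    if URGENCY.search(re.sub(r"<[^>]+>", " ", html_body)):
        findings.add("urgency-wording")
    return sorted(findings)

# Constructed sample, not the real message; example.net is reserved for documentation.
SAMPLE = ('<p>An issue was detected. Your account will be suspended unless you '
          '<a href="http://bt.com.login.example.net/verify">log in at www.bt.com</a>.</p>')
```

Calling `triage(SAMPLE)` raises all four findings, while a body whose only link is `https://www.bt.com/` and that contains no threat wording returns an empty list.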

In order to reduce the risk of fraud, BT accepts information from its customers about email scams and offers the abuse[at]bt.com address for reporting malicious activity.

The customer help page also provides a link that should point clients to a page with the latest scams currently leveraging the company’s name. Unfortunately, it points to an invalid location.