14 DAY TRIAL // A recent phishing campaign tries to lure users with a winning notification from LG Electronics. Although the deceit is obvious from a single glance at the subject, some recipients may be tempted to open the message and check some details.
What’s interesting about this phishing campaign is that the sender’s email address has a .edu TLD (top-level domain), which is reserved for institutions of higher education, such as universities.
This type of email addresses are quite useful to crooks because they do not benefit from the same treatment from spam filters as emails from regular TLDs; this happens because they are trusted almost implicitly.
In this particular case, it seems that the attacker relied on an email from Vincennes University in Indiana to send out the fraudulent emails.
The message is simple: the recipient is notified of winning a prize at a raffle organized by LG, and is asked to send an email to a different address. Even a less experienced user could see that there is a mismatch between the two addresses provided, since for claiming the prize a message has to be sent to an “outlook.com.au” inbox, OTA reports.
There is no information on what the next step of the scam is, but it could range from asking for personal information to providing a link to a malicious download.
