The report says that the malicious actors behind this campaign have discovered a way for these emails to pass through security filters and end up in the victim’s inbox instead of the junk mail folder. The email looks like a legitimate Verizon invoice and it requests that you log into your Verizon account and click a link in the email. DO NOT DO IT!!! You will be handing your login information to the scammers. As we’ve noted, that could lead to the bad actors changing the account address, requesting a SIM card, and stealing your money.
Fortra shows what to look for in a fake email sent by an attacker as part of the campaign to phish Verizon customers
Clicking on the link could also allow the scammers to add malware to your phone or computer. If you get an email that seems shady, hover your mouse over the sender’s name to see the real source of the letter. If you’re not sure if the email is real, go online to get Verizon‘s real phone number and give the company a call. Never, never, NEVER click on links found in an unsolicited email or text.
Clicking the link on the fake email will take you to a fake Verizon page that prompts you for your email and password
Verizon subscribers need to be on the lookout for emails with the following sender information and more:
- Sender’s Email: member@surveymonkeyuser.com
- Reply-to Address: ms365@verizservus.33mail.com
- Sender’s Name: ms365@veriservus.33mail.com via SurveyMonkey
- Registration Date: August 18, 2016
- Organization: SurveyMonkey Inc.
One way the scammers try to get you to respond to their phishing email is by making it sound as though something bad will happen to you unless you act urgently. For example, you might receive an email that says you will lose your wireless service unless you respond to the email quickly. I’ve received similar emails in the past and ignored them. One time I received an email from Verizon that contained many spelling and grammatical errors; that is one of the red flags that you should look for. I called Verizon using the phone number I obtained myself and found out that the email did really come from the carrier.
- Respond to the text message or email in any way
- Click any links
- Open any attachments
- Provide any data to any websites mentioned