Scam of the week: EE Phishing Scam Tricks Users with Sneaky URL

January 10, 2020 10:27 am Geraldine Strawbridge EE Phishing Scam

With a new year comes new scams and despite only being a week into 2020, fraudsters have already launched a devious new phishing scam aimed at defrauding EE customers.

Victims have reported receiving text messages purporting to be from the UK-based mobile network provider. The message reads: “We were unable to process your latest bill. In order to avoid fees, update your billing information via https://ee.co.uk.billing-update-jan02.info.”

The scam is particularly convincing as it attempts to snare unsuspecting victims by incorporating a date into the URL. The first half of the URL appears almost indistinguishable from EE’s official domain ‘ee.co.uk.’, and the addition of a date in the second half makes it look like a page hosted under the official site.

EE Phishing text (Source: Digital Information World)

To add even more credibility to their scam, the crooks have obtained a free SSL certificate from Let’s Encrypt, a non-profit certificate authority. This gives the site its all-important https certification and padlock, which most users associate with a safe and secure site.

The reality is that https signifies an encrypted secure connection with a server, but it doesn’t mean that the server itself is legitimate. In fact, 58% of all phishing websites now use https certificates to trick users into thinking they are on a secure site. Criminals have taken advantage of the public’s trust in these symbols and it’s now proving to be a very effective way to scam people.

If the user continues to click on the link, they are taken to a spoofed domain that has been specifically set up to harvest their email address and password. Thankfully, most browsers are now flagging the site as a malicious domain and warning visitors that it’s dangerous.

Spoofed EE login page

Unfortunately, as we’ve become more knowledgeable about traditional email-based phishing, criminals have adapted their attack methods and moved to other areas where there’s a greater chance of scamming more people.

Mobile has proved to be a very effective platform to conduct these attacks and ‘smishing’ is often the favoured choice for delivering malicious links. Smishing is a type of phishing attack that uses SMS messages as opposed to emails to target individuals.

Unlike desktops, the mobile interface conceals a lot of red flags that would highlight a potential phishing attack. On desktops, users can check the validity of a web address by hovering their mouse over a link to see if it is legitimate. However, on a mobile, this option is not available making it increasingly difficult to detect if a link is malicious or not. Other protective measures such as traditional firewalls, secure email gateways and endpoint protection are not available on mobile making it much easier for criminals to attack undetected.

How to prevent smishing

  • Don’t click on any links within a text message – You could be directed to a phishing website or your device could become infected with malware.
  • Be wary of an urgent call to action – This is a common tactic used to pressurise the recipient into taking immediate action.
  • Don’t reply to the text or call the number back – Scam text messages will often encourage you to text ‘stop’ to stop receiving the text messages. This is often just a way for fraudsters to confirm if the number is active. If you reply, you may end up getting bombarded with more spam text messages.
  • Call the company directly to check if the text is legitimate – Source the number from the company’s official website and inquire about the text message you’ve received. The company will be able to confirm if they have issued the text or not.
  • Install antivirus software – There are a range of anti-virus software solutions for mobiles that will eliminate malicious activity.

MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats. Get in touch for further information on how we can help protect your business.