Security Affairs
Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Crooks use math symbols to evade anti-phishing solutions

Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns. Researchers from anti-phishing cybersecurity firm INKY have detailed a new technique to evade detection in phishing attacks, it leverages using mathematical symbols on impersonated company logos. The experts analyzed the case of a campaign targeting the customers of the […]

Verizon phishing

Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns.

Researchers from anti-phishing cybersecurity firm INKY have detailed a new technique to evade detection in phishing attacks, it leverages using mathematical symbols on impersonated company logos.

The experts analyzed the case of a campaign targeting the customers of the telecommunication giant Verizon, attackers used a square root symbol, a logical NOR operator, or the checkmark symbol itself. The trick adopted by the crooks aims at creating a sort of optical interference that could allow bypassing anti-spam solutions.

“Although Verizon’s current logo makes use of a bright red, asymmetrical “V” after the word “Verizon” (which is all lower case in bolded black sans serif), that “V” element does look rather like a checkmark.” states the report published by INKY.

“INKY found three fake logo variants in the wild. Each made use of a mathematical symbol for the red element. The three impersonations reproduced that element via:

  • a square root symbol,
  • a logical NOR operator, and
  • the checkmark symbol itself.”

The campaign detailed by the experts used messages posing as voicemail notifications from Verizon. Upon clicking on the Play button (a close-angle-bracket character is appended to the text Play) the recipient will be directed to a phishing site (sd9-08[.]click) that clones the legitimate Verizon website.

The fake website appears genuine and asks the users to provide their Office365 account credentials on the sign-in form to listen to the message.

The experts noticed that once provided the credentials for the first time, the victims have displayed an “incorrect password” message, if they will retry to log in a fake error is notified and the login process is interrupted.

“However, the credentials were harvested both times on the backend. This pattern, the double ask, is fairly common. It’s not entirely clear what the phishers are up to, but it’s possible that they want the victim to confirm the correctness of the data, or that they hope the victim will try a different account, yielding them two sets of credentials for the price of one.” continues the report.

The experts explained that threat actors behind the phishing attacks sent use Gmail accounts to send phishing messages because they were able to pass standard email authentication (SPF, DKIM, and DMARC). They also noticed that the malicious site was brand new and hosted zero-day exploits.

Below are the recommendations provided by the security firm:

  • Email recipients are advised to be suspicious of voicemail notifications coming from Gmail or other free email providers such as Yahoo, AOL, or Hotmail. They should also distrust emails that claim to be from Verizon but come from a Gmail sender.
  • Also, in many cases, they can look at the URL of a site that purports to be Verizon to see whether Verizon actually hosts it. This type of analysis will sometimes lead to false positives if a large company uses a smaller firm for marketing support.
  • They should also be wary if a site asks them to enter Microsoft credentials to view notifications from Verizon (or any other brand).

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, phishing)

[adrotate banner=”5″]

[adrotate banner=”13″]