New Scams Alert

February 15, 2019

Tesco are warning customers not to fall vicitm to latest scam.

The text message, under the alias of supermarket giant Tesco, is targeting victims by using their name and car registration plates to ultimately cause damage and steal confidential information.

The message, which comprises of three names and three number plates, congratulates the “Tesco shoppers” and asks them to click on a link to confirm they have received the message. Tesco has not yet confirmed the origin of the message, but it has been confirmed as a scam,  that is currently undergoing an investigation by the supermarket’s Phishing Team.

Victim’s Text Message

Other News, Dubious Emails Containing URLs with up to 1,000 Characters Have Been Raising Eyebrows

The following week a separate targeted phishing campaign, which claims your email has been blacklisted, due to several login failures and requires you to confirm your identity, was exposed.

Thanks to the campaign’s bizarre links containing almost 1,000 characters, it raised suspicions from the outset. The scam, as seen below, presents itself as your email domain’s support system and requests that you make another attempt to log-in or risk the account being terminated.

 Once clicking on the link, you will be taken to a landing page with a login form customised specifically to your domain. According to Bleeping Computer, Derek from My Online Security noticed that URLs in the emails are “very long”, ranging from 400 characters to 1,000 characters.

The reason behind these extraordinary URL lengths is unknown, but according to an analysis of the URL by web site analysis service URLscan displays more than 1,100 phishing pages with multiple similarities, meaning they could be coming from the same phishing kit.

Mailbox users have been warned when receiving dubious emails, to draw their attention to the length of URLs and use this as a potential warning sign, when choosing whether or not to click on links or attachments provided within.

Blacklisted Phishing Email – My Online Security

Phishing Campaign Landing Page – My Online Security

Check Out Our Other Recent Posts >

London Breakfast Briefing – Achieving Prioritised Cyber Risk Management
London Breakfast Briefing – Achieving Prioritised Cyber Risk Management

Secrutiny is hosting an intimate breakfast briefing for cyber security leaders in London on Thursday, 28th November. Join us to discover how, with a bit of extension and instrumentation, the ecosystem of controls that you already have can form the basis of an evidential, prioritised cyber risk management programme. Learn more and register…