New Scams Alert
February 15, 2019
Tesco are warning customers not to fall vicitm to latest scam.
The text message, under the alias of supermarket giant Tesco, is targeting victims by using their name and car registration plates to ultimately cause damage and steal confidential information.
The message, which comprises of three names and three number plates, congratulates the “Tesco shoppers” and asks them to click on a link to confirm they have received the message. Tesco has not yet confirmed the origin of the message, but it has been confirmed as a scam, that is currently undergoing an investigation by the supermarket’s Phishing Team.
Victim’s Text Message
Other News, Dubious Emails Containing URLs with up to 1,000 Characters Have Been Raising Eyebrows
The following week a separate targeted phishing campaign, which claims your email has been blacklisted, due to several login failures and requires you to confirm your identity, was exposed.
Thanks to the campaign’s bizarre links containing almost 1,000 characters, it raised suspicions from the outset. The scam, as seen below, presents itself as your email domain’s support system and requests that you make another attempt to log-in or risk the account being terminated.
Once clicking on the link, you will be taken to a landing page with a login form customised specifically to your domain. According to Bleeping Computer, Derek from My Online Security noticed that URLs in the emails are “very long”, ranging from 400 characters to 1,000 characters.
The reason behind these extraordinary URL lengths is unknown, but according to an analysis of the URL by web site analysis service URLscan displays more than 1,100 phishing pages with multiple similarities, meaning they could be coming from the same phishing kit.
Mailbox users have been warned when receiving dubious emails, to draw their attention to the length of URLs and use this as a potential warning sign, when choosing whether or not to click on links or attachments provided within.
Check Out Our Other Recent P
Microsoft has officially dropped its 60-day password expiration policy from its security baseline, following May’s Window’s 10 updates.
Microsoft has released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services.
Gain a better understanding of the effectiveness of your cyber security controls in our cyber security validation infographic.