15 February 2019

NEW SCAMS ALERT

Tesco falls victim to cyber crime and criminals are using a bizarre new phishing scam to steal your credentials.

Tesco are warning customers not to fall for latest text message scam

The text message, under the alias of supermarket giant Tesco, is targeting victims by using their name and car registration plates to ultimately cause damage and steal confidential information.

The message, which comprises of three names and three number plates, congratulates the “Tesco shoppers” and asks them to click on a link to confirm they have received the message. Tesco has not yet confirmed the origin of the message, but it has been confirmed as a scam,  that is currently undergoing an investigation by the supermarket’s Phishing Team.

Victim’s Text Message

In other news, dubious emails containing URLs with up to 1,000 characters have been raising eyebrows

The following week a separte targeted phishing campaign, which claims your email has been blacklisted, due to several login failures and requires you to confirm your identity, was exposed.

Thanks to the campaign’s bizarre links containing almost 1,000 characters, it raised suspicions from the outset. The scam, as seen below, presents itself as your email domain’s support system and requests that you make another attempt to log-in or risk the account being terminated.

Blacklisted Phishing Email

My Online Security

Once clicking on the link, you will be taken to a landing page with a login form customised specifically to your domain. According to Bleeping Computer, Derek from My Online Security noticed that URLs in the emails are “very long”, ranging from 400 characters to 1,000 characters.

Phishing Campaign Landing Page

My Online Security

The reason behind these extraordinary URL lengths is unknown, but according to an analysis of the URL by web site analysis service URLscan displays more than 1,100 phishing pages with multiple similarities, meaning they could be coming from the same phishing kit.

Mailbox users have been warned when receiving dubious emails, to draw their attention to the length of URLs and use this as a potential warning sign, when choosing whether or not to click on links or attachments provided within.