New Scams Alert
February 15, 2019
Tesco are warning customers not to fall vicitm to latest scam.
The text message, under the alias of supermarket giant Tesco, is targeting victims by using their name and car registration plates to ultimately cause damage and steal confidential information.
The message, which comprises of three names and three number plates, congratulates the “Tesco shoppers” and asks them to click on a link to confirm they have received the message. Tesco has not yet confirmed the origin of the message, but it has been confirmed as a scam, that is currently undergoing an investigation by the supermarket’s Phishing Team.
Victim’s Text Message
Other News, Dubious Emails Containing URLs with up to 1,000 Characters Have Been Raising Eyebrows
The following week a separate targeted phishing campaign, which claims your email has been blacklisted, due to several login failures and requires you to confirm your identity, was exposed.
Thanks to the campaign’s bizarre links containing almost 1,000 characters, it raised suspicions from the outset. The scam, as seen below, presents itself as your email domain’s support system and requests that you make another attempt to log-in or risk the account being terminated.
Once clicking on the link, you will be taken to a landing page with a login form customised specifically to your domain. According to Bleeping Computer, Derek from My Online Security noticed that URLs in the emails are “very long”, ranging from 400 characters to 1,000 characters.
The reason behind these extraordinary URL lengths is unknown, but according to an analysis of the URL by web site analysis service URLscan displays more than 1,100 phishing pages with multiple similarities, meaning they could be coming from the same phishing kit.
Mailbox users have been warned when receiving dubious emails, to draw their attention to the length of URLs and use this as a potential warning sign, when choosing whether or not to click on links or attachments provided within.
Check Out Our Other Recent P
Last month we had the opportunity to be a part of Securing the Law Firm 2019 with an Education Seminar centred around best-practice for constructing SOC-as-a-Service (SOCaaS), so you know you can get value; here’s the low-down.
Is Broadcom about to shake up the Symantec enterprise following its acquisition or does this kick start the end of the line for Symantec.
Secrutiny is hosting an intimate breakfast briefing for cyber security leaders in London on Thursday, 28th November. Join us to discover how, with a bit of extension and instrumentation, the ecosystem of controls that you already have can form the basis of an evidential, prioritised cyber risk management programme. Learn more and register…