Search This Blog

Showing posts with label Verizon. Show all posts

Hacker Steals Database of Verizon Employees

 

A hacker stole a database including hundreds of Verizon workers' complete names, email addresses, corporate ID numbers, and phone numbers. By calling phone numbers in the database, Motherboard was able to confirm that at least part of the data is genuine. Four persons confirmed their complete identities and email addresses, as well as their employment at Verizon. It's uncertain whether all of the info is correct or up to date.

Another person validated the information and stated that she used to work for the company. A dozen more numbers received voicemails that included the names in the database, implying that they are also correct. Last week, the hacker contacted Motherboard to provide the information. 

The data was obtained, according to the unidentified hacker, by convincing a Verizon employee to grant them remote access to their company computer. At that time, the hacker claimed to have gotten access to a Verizon internal tool that displays employee data and to have developed a script to query and scrape the database. 

“These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support,” they told Motherboard in an online chat. The hacker stated they reached out to Verizon and shared the email that he sent to the company. 

“Please feel free to respond with an offer not to leak you’re [sic] entire employee database,” the hacker wrote in the email, according to a screenshot of it. The hacker stated they would like Verizon to pay them $250,000 as a reward. A Verizon spokesperson confirmed the hacker has been in contact with the company. 

“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further,” the spokesperson told Motherboard in an email. 

“As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.” 

While the stolen information does not include Social Security numbers, passwords, or credit card details, it is nonetheless potentially harmful. It might be beneficial for hackers who wish to target corporate employees—or mimic one while speaking with another—in order to get access to internal tools. An attack of this type would offer hackers the opportunity to impersonate Verizon personnel and, if successful, complete access to networks that would allow them to look up individuals' information and transfer their phone numbers, a practice known as SIM swapping. 

For years, hackers have gained access to victims' phone numbers, allowing them to change the target's email password, for example. As a result, the hackers get access to the victim's bank or cryptocurrency account. Hundreds, if not thousands, of people have been victimised by this type of breach in recent years. Several persons have been arrested and indicted in the United States for allegedly participating in these types of cyberattacks.

Verizon Phishing Scam Uses Text Messages to Target Customers

 

Verizon subscribers had started to get malicious texts from unknown senders, according to a report published by Phone Arena on Saturday, October 9. Sending messages to a receiver using a suspicious phone number is a phishing technique. The precise contact number is 562-666-1159, and it informs users that their prior month's fee has already been paid. The exact message reads as follows: "Verizon Free Message: Sept bill is paid. Thanks, (first name of the customer)! Here's a little gift for you." 

According to Phone Arena, the majority of Verizon customers have already paid their September bills. As a result, the old invoice suggested that the hacker's message was entirely fictitious. In addition, Verizon is unlikely to deliver a gift to users who have paid their bills in advance. This current phishing attack could indicate that the user's personal information is about to be stolen. 

This attack was similar to what T-Mobile customers experienced previously. Phone Arena said it's conceivable that the phone numbers used to send the phoney messages came from T-Mobile's recent data hack, which affected 48 million members. The text pretended to be from T-Mobile and promised the recipients of the message a $100 free gift as compensation for an outage that occurred somewhere around that time. 

The way T-Mobile was spelled as Tmobile was one of the obvious clues that the whole affair was a hoax. The truth was hidden in the tiny print: the SMS was sent by a marketing firm with no ties to T-Mobile, and the firm was attempting to acquire information about T-Mobile consumers, presumably gathering confirmed phone numbers of the carrier's subscribers.

Coming back to Verizon, the cybercriminals behind the text message will request personal information from subscribers. If a subscriber falls for this ruse, his or her security number, bank account number, and other personal data will be stolen. The threat actor would have access to the required details of a subscriber's Verizon account if this happened. Once the scam is successful, the hackers will order a phone that the user will have to pay for. 

If customers are concerned whether a text or email is real, they should phone the carrier and inquire if someone from that company sent them the message in question, according to Phone Arena. They also recommended that anyone having a wireless account set up a password or PIN to keep their account safe from prying eyes.

Cofense Report Analysis on Phishing Campaign Utilizing Vzwpix

 

Researchers at the Cofense Phishing Defense Center (PDC) have been able to dig further into the addressing characteristics of one of the phishing attempt that used Verizon's multimedia messaging service - Vzwpix – employing Cofense Vision. 

Verizon's Vzwpix is a genuine multimedia messaging service. It allows users to send emails from mobile phones, which often include the sender's contact number. Fraudsters exploit the popularity of this service by faking an original email address via spoofing. 

Cyber attackers could use these services to mass deliver SMS that comes from a mobile number but does not include the sender's name and identity. If somehow the recipient does not recognize the mobile number, then they might be left speculating who had sent these emails. 

Hundreds of complaints about Verizon's Vzwpix service domain have been obtained by the Cofense PDC over the last week. 

A majority of these messages would be texts or pictures, but investigators are continuously on the lookout for potential risks. Malicious actors used Vzwpix to target potential audiences in a range of sectors throughout the last week. 

According to Cofense PDC, the message received by the users were all in plain text and without any formatting or pictures. It leads to a new voicemail and employs a monetary enticement via ACH transfers.

The link is provided as plain text, informing users of where they will be redirected. It was smart enough to avoid the first assessment from the secure email gateway (SEG) by employing a valid survey application; nevertheless, certain SEGs would've been able to verify the content of the survey via link click. 

The cyber attackers employed Alchemer, a survey form generator that makes it very convenient to design a survey form for users to answer. 

Further research shows that the survey is erroneously designed as a OneDrive login page, although most of the consumers were probably able to assume that this isn't a genuine Microsoft OneDrive login page. 

The continue button is likewise off to the side, giving the impression that the site wasn't intended to be read with a PC web browser. 

While using it from a smartphone, the form layouts are noticeably different. The modified phishing page is displayed within a white box, as well as the button is placed between the entry fields. 

Utilizing Cofense Vision, Researchers were easily able to detect several individuals who received a similar email at their organization. Even though each email originated from the very same phone number, the message IDs were all unique. All the message IDs were indeed associated with the Verizon phone number which sent messages. Each message ID correlates to a separate group of recipients which was listed in the email's "To" address section. 

In the analysis, every group appeared to have a minimum of 10 email accounts, comprising PDC customers and other external domains as well. After excluding the unique domains, researchers were able to ascertain that 50% of all recipients worked in the food production industry. 

The PDC client in these groups worked in the manufacturing industry, however, one of the major subsidiaries in the food manufacturing industry. Another 25% of the targeted domains are in the supply chain and media industries.