Innocent Customers Hit by Bill-Themed Phishing Emails Impersonating Vodafone
Softpedia.com published news on 19th December, 2013 quoting a warning by experts as "Customers of popular mobile phone service provider 'Vodafone' are struck with bogus bill-themed emails."
The emails with the subject line "Check your bill online" and addressing the recipient as "Dear Customer" tell him that his monthly bills have been prepared and he can see them online at his, Vodafone online account by clicking on the link furnished in the email.
Security experts monitoring the ongoing phishing email campaign note that the emails are not from Vodafone but it's a phishing scam drafted to dupe consumers of Vodafone in giving up their account credentials to cyber criminals.
Those who fall for the trick and click one of the links to view their bill will be taken to a fake login page designed to imitate the legitimate Vodafone web site. On providing their account type with username and password and by clicking on the submit button, a message Thanking the customer for updating his account appears, displayed on the web-browser of the consumer.
A link on the fake page labeled "Click here to Proceed" will direct victims back to the genuine website of Vodafone.
Once they have collected the stolen login credentials, the cyber crooks can utilize these to log into the legitimate Vodafone accounts to embezzle any useful information and proceed further with bogus activities with the aid of the hijacked account.
Fake "view your bill" messages are a common phishing trick.
Experts advise to be wary of any email looking similar to be the user's service provider inviting him to view his bill online by clicking on a link as in the aforementioned case.
Moreover, Vodafone is not the only mobile service provider that has been struck by cyber crooks in 2013 as in May 2013, BigPond, a well-known Australian telecom provider, was also hit by cyber crooks.
The message was sent to an individual who was an AVG reseller and not a customer of BigPond asking him to update the billing details by clicking a link. However, it was not difficult to discover that the emails were bogus as they didn't employ the complete name of consumers.
» SPAMfighter News - 27-12-2013