
Vishing Scam Targeting Verizon Wireless Customers

Verizon Wireless appears to be the latest victim of a vishing attack, with a well-crafted scam targeting its customers and looking to capture sensitive customer information.


In this current attack, which started today, the attackers are using automated phone calls to direct people to the website “” in order to claim a reward. “Simply login to your account to redeem your one hundred dollars,” a male recorded voice states. “At Verizon we care about you. Thank you, and have a nice day,” the message concludes. The caller ID displayed (which could easily be spoofed) was a 303-731-XXXX number.

While the attack is targeting Verizon Wireless customers in hopes that they will log in to the fake customer portal, the attackers are calling what appear to be random numbers, including non-Verizon numbers of people who may not be customers.

Interestingly, the well-designed phishing page asks for a phone number or user name, along with a password and the last four digits of the user’s Social Security number—a field that is not required to log in to the real Verizon Wireless site. As is the case with most good phishing sites, the page is a near replica of the real site and loads much of its content from the real site, including trust marks and “seals” to help prove the site’s authenticity.
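Because a cloned page that loads images and seals from the real site causes visitors' browsers to request those assets with a Referer naming the fake page, the brand's own web logs can reveal the clone. The following is an added example, not part of the original article, that flags such referrers in combined-format access logs; the hostnames, paths and log lines are constructed, and `OWNED_SUFFIXES` is an assumption about which hosts the brand controls.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: hostnames the brand itself serves pages from (constructed).
OWNED_SUFFIXES = ("brand.example",)
# Static assets a cloned login page would typically hot-link.
ASSET_RE = re.compile(r"\.(?:png|gif|jpe?g|svg|css|js|ico)(?:\?|$)", re.I)
# Apache/nginx "combined" format: request line, status, size, referer, agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def is_owned(host):
    """True only for an owned domain or a true subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in OWNED_SUFFIXES)

def foreign_asset_referrers(lines):
    """Count asset requests per referring host that the brand does not own."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not ASSET_RE.search(m["path"]):
            continue  # unparsable line, or not a static asset
        referer = m["referer"]
        if referer in ("", "-"):
            continue  # no Referer sent; nothing to attribute
        host = urlsplit(referer).hostname
        if host and not is_owned(host):
            hits[host] += 1
    return hits

# Constructed sample log lines (documentation IP ranges and example domains).
TS = "[01/Jan/2030:09:00:00 +0000]"
SAMPLE_LOG = [
    f'198.51.100.7 - - {TS} "GET /img/seal.png HTTP/1.1" 200 5120 "https://www.brand.example/login" "Mozilla/5.0"',
    f'203.0.113.9 - - {TS} "GET /img/seal.png HTTP/1.1" 200 5120 "http://brand-rewards.example.net/login.html" "Mozilla/5.0"',
    f'203.0.113.9 - - {TS} "GET /css/main.css?v=3 HTTP/1.1" 200 840 "http://brand-rewards.example.net/login.html" "Mozilla/5.0"',
    f'203.0.113.20 - - {TS} "GET /account HTTP/1.1" 200 900 "http://brand-rewards.example.net/done.html" "Mozilla/5.0"',
    f'203.0.113.31 - - {TS} "GET /img/logo.gif HTTP/1.1" 200 300 "https://brand.example.evil.example.org/" "Mozilla/5.0"',
    f'198.51.100.8 - - {TS} "GET /img/logo.gif HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, count in foreign_asset_referrers(SAMPLE_LOG).most_common():
        print(f"{count:3d} asset requests referred by {host}")
```

The suffix check treats a look-alike such as `brand.example.evil.example.org` as foreign, and a referring host that appears suddenly with many asset hits is a candidate for takedown review.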

If an unsuspecting user visits the fraudulent site, entering any value into the login fields will result in a “success” – showing that the cybercriminals are simply capturing all data submitted to their rogue login form.

After submitting login data, users are presented with the message, “Congratulations! You have successfully applied for your discount,” with a button below labeled “Go to my account,” which, if clicked, actually directs users to the legitimate Verizon Wireless website.


Looking into the domain itself, “” was actually registered today, indicating that the attackers had this planned ahead of time, and waited until the last minute to register the domain and activate the site. (Registered domains that contain a large brand name and/or trademark are likely to be caught ahead of time.)

To see whether a spam campaign may also be associated with the attack, SecurityWeek reached out to anti-spam technology firm Cloudmark to ask if they had seen any activity this morning that may have been attempts to direct users to the “” site. As of yet, they have not seen such spam showing up. This could be an effort to stay below the radar as long as possible, as many anti-phishing and fraud detection services parse spam messages in order to identify and shut down phishing sites.

“This appears to be solely a vishing scam at this point,” said Mary Landesman, a senior security researcher at Cloudmark. “Essentially, the scammers use VoIP to place calls to numbers they either guessed through brute/dictionary force (aka war-dialing) or which they obtained from stolen call center lists.”

While in this case the voice appears to be a recording of a real person’s voice, Landesman added that often, these types of calls are synthesized and recorded using text to voice recognition software.

“Since the call isn’t placed over traditional landline infrastructure it’s harder for authorities to trace,” she added.

“ is hosted by Yahoo, which happens to be a bit ‘unfriendly’ when it comes to reporting phishing/abuse sites they are hosting – i.e. you have to sign in with a Yahoo account in order to report the abuse.”

Landesman also pointed to some interesting research on the current threat landscape as it relates to vishing. According to Pindrop Security’s State of Phone Fraud Report, vishing increased by 52% in the second half of 2011. Nearly 190k fraudulent calls were observed in December 2011. The report also states that “All five of the largest national financial institutions, and 30 of the top 50, were targeted by vishers during the second half of 2011. On average, fraudsters used at least 200 numbers to contact customers assuming the identity of such prominent institutions.”

As of the time of publishing, the site was still active.

Update: Checking on the site again at 10PM ET, the domain appears to be offline and Firefox and Google Chrome users will likely experience a “Web Forgery” warning if trying to access the site.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
