Doesn’t this email look legitimate? Well... don’t take the bait.

I recently read about a new phishing campaign posing as Verizon, and ironically enough, I opened my inbox to find this notice (keep in mind, I am not a Verizon customer).

Notice how even though I am not a Verizon customer, I owe $964.02. That’s my first clue this is a phishing campaign. It would, however, be a little harder to detect if I were a Verizon customer.

Isn’t it amazing that this email really does look legitimate? I mean there are links to view and pay my bill, enroll in auto pay, and it links back to Verizon. The email looks similar to emails I receive from other vendors I use and pay for online.

But look at the numbers. You know how much you normally pay for a bill. Do you normally receive an electronic receipt or bill? If so, is this a huge difference in payment amount? If you answer “yes,” that is your first clue something “phishy” is going on here. If you don’t normally receive electronic bills and you have not enrolled in online payment, this email is a huge red flag.

Another sign this email is part of a phishing campaign is that it is being sent to multiple people (I covered the email addresses as they are probably real, like mine was). Why would Verizon send my bill to a handful of other people? They wouldn’t.

Even if you look at the email and it does seem normal because you are a customer and receive emails like this all the time, do not click the link.

I have said this many times when discussing online attacks: just because an email is branded and you trust the company it claims to come from does not mean that company sent it. If you think the email merits contacting Verizon, type in Verizon’s address yourself in a new window and contact them directly through your trusted contact information to verify the claim. Never call the number or visit the site provided in the email, as it could also be bogus.

These links could direct you to a landing page that looks very similar to the real Verizon site, so close, in fact, that you may not realize anything is different. So, type in the official Verizon address yourself, then locate your account through that.

Do not ever enter personal information into a landing page that comes from an unknown link. This gives phishers exactly what they’re looking for: your personally identifiable information.
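Two of the signs described above (a bill addressed to several people, and links that leave the company’s real domain) are checks a mail filter can automate. The following is an added example, not part of the original post; the sample message, its addresses and hosts, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: addresses and hosts are made up for this example.
SAMPLE = """\
From: "Verizon Wireless" <billing@verizon-notices.example>
To: alice@example.org, bob@example.org, carol@example.org
Subject: Your bill is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Total balance due: $964.02</p>
<a href="http://pay.billing-portal.example/verizon/login">View and pay your bill</a>
<a href="https://www.verizon.com/support/">Contact us</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # collect the real link target, not the visible text
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_in_domain(host, domain):
    # Exact match or true subdomain only; "verizon.com.login.example" must fail.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, brand_domain):
    msg = message_from_string(raw)
    signs = []
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > 1:  # a personal bill should have exactly one recipient
        signs.append(f"bill addressed to {len(recipients)} recipients")
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in links.hrefs:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and not host_in_domain(parts.hostname, brand_domain):
            signs.append(f"link leaves {brand_domain}: {parts.hostname}")
    return signs

if __name__ == "__main__":
    print(phishing_signs(SAMPLE, "verizon.com"))
```

A message that passes both checks is not proven safe; the checks only surface the signs discussed here, and the advice to reach the company through an address you type yourself still applies.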