Experts from security firm Symantec have analyzed an interesting phishing scam that was making the rounds this past Christmas. The cybercriminals used a typosquatting domain to set up a website that replicated the one of a popular US payment system.
Users who landed on the phishing site were promised a $400 cash prize. All they needed to do was to enter a verification code they received via email.
In the next phase of the attacks, they were promised double the amount of money from their payment system accounts and were told to pay $0.01 to verify that their account was still active.
Users who agreed to the terms were taken to a survey.
In the last phase of the phishing scheme, victims would be once again urged to verify their accounts by paying $0.01. Those who agreed, actually handed over their personal and financial details to the crooks.
This phishing scam might have promised “Christmas gifts,” but cybercriminals can easily adapt it. That’s why users are advised to always be cautious when presented with such offers.