Researchers warn of an ongoing spear-phishing attack mimicking a well-known telecommunications company, EE, to snatch up corporate executives’ credentials and payment details.
Highly targeted emails have been sent to a few executives – including one at a leading financial firm – purporting to be from British internet service provider EE, which as of 2019 is one the largest mobile network operators in the UK, with around 32 million customers.
The phishing campaign comes with a few sloppy red flags that eagle-eyed recipients might pick up on – but researchers say its use of HTTPS and SSL certificates for its landing page help it evade detection.
“This new, targeted campaign shows that while exploiting well-known telecommunications brands is nothing new, such phishing emails continue to go undetected by popular email gateways designed to protect end users, leading to possible theft of prized corporate credentials,” said researchers with Cofense
in a Monday analysis.
