We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. Here's two internet domains: ee.co.uk and ee.co.uk.billing-update-jan02[.]info. They look alike, don't they? You might even think they belong to the same domain. However, the second URL is actually an alarming example of a new way to phish unsuspecting victims: Scammers have been incorporating the date into their malicious internet domains to help them spoof legitimate websites. On Friday, UK-based computer expert Terence Eden blogged about the malicious domain after a scammer sent his wife a phishing attack in the form of a text message. The text pretended to come from local mobile carrier EE and said: "We were unable to process your latest bill. In order to avoid fees, update your billing information via https://ee.co.uk.billing-update-jan02[.]info domain." (The spoofed domain contains a look-alike login page for EE.) Fortunately, Eden's wife has no account with EE, so she wasn't fooled. Nevertheless, he was surprised that the URL contained the letters "jan02," or the same date the text message was sent to his wife. This helped the message look even more convincing when EE's official domain is ee.co.uk. "If you're stood up on a crowded train, with your phone screen cracked, would you notice that a . is where a / should be? A quick look at the (URL) shows a trusted domain at the start— followed by today's date," he wrote in his blog post. But in reality, ee.co.uk.billing-update-jan02[.]info is an entirely separate domain. The telltale sign is the ".info" at the end of the URL. However, an unsuspecting victim could have easily overlooked it and instead paid attention to the "ee.co.uk" at the start of the URL, and assumed the domain to be legit. Not helping the matter is how the malicious domain obtained an SSL certificate from Let's Encrypt, a non-profit certificate authority. As a result, the domain will show a https:// encrypted connection, which can also fool users into thinking it's a scam-free site. "Money and technical expertise used to be strong barriers to prevent people from registering scam domains. But those days are long gone. There are no technical gatekeepers to keep us safe. We have to rely on our own wits," Eden added. The good news is that browsers have already flagged ee.co.uk.billing-update-jan02[.]info as a malicious domain, and will warn users from visiting it. However, the domain itself is still up. If you do visit it, you'll see a look-alike, but fake login page to EE, which is likely designed to steal your email address and password. Let's Encrypt didn't immediately respond to a request for comment on why an SSL certificate was given to the domain.
Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell für den Betrieb der Seite, während andere uns helfen, diese Website und die Nutzererfahrung zu verbessern (Tracking Cookies). Sie können selbst entscheiden, ob Sie die Cookies zulassen möchten. Bitte beachten Sie, dass bei einer Ablehnung womöglich nicht mehr alle Funktionalitäten der Seite zur Verfügung stehen.
We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. Here's two internet domains: ee.co.uk and ee.co.uk.billing-update-jan02[.]info. They look alike, don't they? You might even think they belong to the same domain. However, the second URL is actually an alarming example of a new way to phish unsuspecting victims: Scammers have been incorporating the date into their malicious internet domains to help them spoof legitimate websites. On Friday, UK-based computer expert Terence Eden blogged about the malicious domain after a scammer sent his wife a phishing attack in the form of a text message. The text pretended to come from local mobile carrier EE and said: "We were unable to process your latest bill. In order to avoid fees, update your billing information via https://ee.co.uk.billing-update-jan02[.]info domain." (The spoofed domain contains a look-alike login page for EE.) Fortunately, Eden's wife has no account with EE, so she wasn't fooled. Nevertheless, he was surprised that the URL contained the letters "jan02," or the same date the text message was sent to his wife. This helped the message look even more convincing when EE's official domain is ee.co.uk. "If you're stood up on a crowded train, with your phone screen cracked, would you notice that a . is where a / should be? A quick look at the (URL) shows a trusted domain at the start— followed by today's date," he wrote in his blog post. But in reality, ee.co.uk.billing-update-jan02[.]info is an entirely separate domain. The telltale sign is the ".info" at the end of the URL. However, an unsuspecting victim could have easily overlooked it and instead paid attention to the "ee.co.uk" at the start of the URL, and assumed the domain to be legit. Not helping the matter is how the malicious domain obtained an SSL certificate from Let's Encrypt, a non-profit certificate authority. As a result, the domain will show a https:// encrypted connection, which can also fool users into thinking it's a scam-free site. "Money and technical expertise used to be strong barriers to prevent people from registering scam domains. But those days are long gone. There are no technical gatekeepers to keep us safe. We have to rely on our own wits," Eden added. The good news is that browsers have already flagged ee.co.uk.billing-update-jan02[.]info as a malicious domain, and will warn users from visiting it. However, the domain itself is still up. If you do visit it, you'll see a look-alike, but fake login page to EE, which is likely designed to steal your email address and password. Let's Encrypt didn't immediately respond to a request for comment on why an SSL certificate was given to the domain.