The website Sporcle was launched in 2007 to provide online quizzes for trivia junkies all over the world. Quizzes on the site feature subjects of all kinds from geography to sports to Harry Potter. Since its launching, its more than one million quizzes have been played more than four billion times. One of the most popular categories is corporate logos where the site gives you full or obscured versions of the logos of national brands and asks the users to identify them. This quiz is typical of the genre and has been played more than six million times. What does this have to do with cyber security? Well, the more you know about corporate logos might help you avoid an emerging scam.
Recently, cybercriminals sent out an email pretending to be from the telecommunicaitons company Verizon. There are 143 million Verizon customers so it was a good chance that the scammers were going to hit inboxes that might expect an email from their provider. Verizon’s logo is recognizable, it features the name of the company with a red check mark at the end, recalling the “v” of the company name. It’s famous but because it’s just letters and a symbol, it’s pretty easy to fake—verizon√—look, we just did it.
Using the fake logo, the cybercriminals sent a phishing email that was pretending to be a voicemail notification. The email instructed the recipient to click the “play” button embedded in the email to listen to the voice message. If the user did that, they were taken to a fake Verizon webpage and were asked to log into their account for authentication, giving the scammers access to the user’s information.
This is insidious but all too common. We all get emails every day from corporations either as advertisements or as announcements, and we see corporate logos all the time just assuming they are legitimate. Scammers are counting on you letting your guard down but it is important to stay steadfast when requests come through email.
Think before you click on anything. Is the request unusual? In this case, wouldn’t you be getting a voicemail on your phone, not your inbox? There are times when logging into an account is necessary but before you give over your credentials, make sure the request is on the level or, better yet, find a phone number to call to confirm. Further, if an email from an organization asks you to log into your account, don’t click the link they provide but open your browser and go directly to the company’s website and log in there. That way you can be sure you’re logging in from the true source.
And there’s always online quizzes to help you recognize the real logos from the fakes.