Here are two internet domains: ee.co.uk and ee.co.uk.billing-update-jan02[.]info. They appear alike, don’t they? You might even assume they belong to the same domain. However, the second URL is an alarming example of a brand new approach to unsuspecting phish victims: Scammers have been incorporating the date into their malicious internet domains to help them spoof legitimate websites.
On Friday, UK-based computer professional Terence Eden blogged about the malicious domain after a scammer sent his wife a phishing attack within the type of a text message. The text pretended to come from local mobile carrier EE and said: “We had been unable to process your latest bill. To avoid fees, replace your billing information via https://ee.co.uk.billing-update-jan02[.]info domain.”
Fortunately, Eden’s spouse has no account with EE, so she wasn’t fooled. Nonetheless, he was surprised that the URL contained the letters “jan02,” or the same date the text message was sent to his wife. This helped the message look even more convincing when EE’s official domain is ee.co.uk.
The good news is that browsers have already flagged ee.co.uk.billing-update-jan02[.]info as a malicious domain, and will warn users from visiting it.