What is website spoofing?

Website spoofing is a phishing scam in which cybercriminals create a fake website that closely imitates a trusted brand, including a domain that looks almost identical to the real one. In this case, scammers are replicating Eir. The objective is to trick customers, suppliers, partners, and employees into visiting the fraudulent site and submitting sensitive data such as login credentials, Social Security numbers, credit card details, or bank account information.

How does the scam work?

When users want to top up their Eir SIM card, many search for “Eir quick top up” on Google instead of typing the official domain. Hackers have identified this behaviour and use it to their advantage. Their research shows that “Eir quick top up” is a highly searched phrase, making it the perfect entry point for attackers to position a spoofed site at the top of search results. This allows the scammers to redirect users to a fake quick-pay page that looks authentic but is designed to steal personal and financial information.

The steps involved:

1. The end user types in “Eir quick top up” as an example.

2. The following results show on Google:

When the unsuspecting end user clicks on the number one listing in the Google search results, as highlighted above, it looks like a very genuine advert with the genuine URL https://www.eir.ie

3. When the end user clicks on this sponsored advert on Google as above, the following web page appears:

4. Looks genuine, right?

This is where the clever phishing technique of website spoofing has won. Now, before we move on, let's look at the actual genuine Eir top-up page:


Can you spot the difference?

5. The URL of the spoofed Eir website is https://my-eir.com/ whereas the genuine URL is https://www.eir.ie/mobile/top-up/quick-top-up/

Note the subtle difference in the website domain.

6. OK, so I’ve entered my debit/credit card details into the spoofed domain. So what happens next?

You are inadvertently sending your bank card details to the scammers, and they are authenticating these details with the bank in real time. So you may spot a Google Wallet text message arriving on your phone by SMS saying that your payment was successful, followed by a genuine SMS from BOI/AIB etc.

Essentially, you have just transferred funds over to the website spoofers, completely unbeknownst to you.

7. Can they take more funds from your account? The key thing here is to contact your bank and cancel your card with immediate effect to ensure the integrity of your bank account.

8. Why has the domain https://my-eir.com/ not been detected as malicious? Even with great products like Microsoft Safe Links, this domain has not been detected, as it’s actually not a malicious link: there are no trojans, viruses, etc. stored on the domain itself to infect the end user. Rather, it is clever entrapment to acquire bank details.

The advice here is to look up the domain with a solution such as https://www.virustotal.com/ to see exactly how clean the website is. Bear in mind it could very well come back as completely clean in the early stages. Below, as of today, you can see it’s marked as suspicious as a phishing threat.

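Because reputation scanners can report a spoofed domain as clean early on, the domain comparison from step 5 can also be automated by name, for instance over landing URLs collected from proxy logs. The following is an added example, not part of the original article: it assumes eir.ie is the only official domain and "eir" is the brand token, and the example.com, example.org and their-shop.example URLs are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Assumption: eir.ie (from the genuine URL in the article) is the only official domain.
OFFICIAL_DOMAINS = {"eir.ie"}
# Assumption: the brand name as it would appear as a whole word inside a hostname.
BRAND_TOKENS = {"eir"}


def hostname(url):
    """Return the lower-cased hostname, accepting URLs pasted without a scheme."""
    if "://" not in url:
        url = "//" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed input such as an unbalanced IPv6 bracket
        return ""
    return host.rstrip(".")


def classify(url):
    """Label a URL 'official', 'lookalike', 'unrelated' or 'invalid'."""
    host = hostname(url)
    if not host:
        return "invalid"
    # Official only if the host IS the domain or a subdomain of it. A plain
    # substring or prefix test would wrongly accept eir.ie.example.com.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Split on dots and hyphens so my-eir.com yields {"my", "eir", "com"}.
    # Whole-token matching avoids flagging words like "their" or "weird".
    if set(re.split(r"[.-]", host)) & BRAND_TOKENS:
        return "lookalike"
    return "unrelated"


# The first two URLs are from the article; the rest are constructed samples.
SAMPLE_URLS = [
    "https://www.eir.ie/mobile/top-up/quick-top-up/",
    "https://my-eir.com/",
    "https://eir.ie.example.com/pay",   # brand domain used as a subdomain label
    "https://their-shop.example/",      # contains "eir" only inside another word
    "https://www.example.org/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify(u):10} {u}")
```

A "lookalike" result is a prompt for manual review, not proof of fraud, since the check only compares names.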

Actions to take from this phishing scam?

Ensure phishing training is provided to your employees, such as the Microsoft Attack Simulator programme. This is a good start to raising awareness within the company of these types of scams, which can be extremely deceiving. Brand reputation is key, and avoiding exposure to such scams has a lot to do with understanding these latest threats.

Contact Tier3Tech today on 01-5293555 or info@tier3tech.ie to learn more about staff training on Phishing Awareness for your company.
