What is website spoofing?

Website spoofing is a scam whereby cyber criminals create a website that closely simulates a trusted brand as well as a domain that is virtually identical to a brand’s web domain. In this case it’s Eir the scammers are replicating. The goal of website spoofing is to lure a brand’s customers, suppliers, partners and employees to a fraudulent website and convince them to share sensitive information like login credentials, Social Security numbers, credit card information or bank account numbers.

How the scam works?

Typically when users want to top up thier Eir sim card, they Google Eir quick top up and the scam artists know and understand the analytics behind this. They have their research complete and realised this was a popular input string for users to gain accesstot the Eir quick pay top up area. This is a much easier process than remembering the actual domain to top up your Eir sim card online.

 The steps involved :

1. The end user types in “Eir quick top up” as an example



2. The following results show on Google :



When the unsuspecting end user clicks on the number one listing on Google search engine as highlighted above, it looks like a very genuine advert with the genuine URL  https://www.eir.ie

 3. When the end user clicks on this sponsored advert on Google as above, the following weblink appears :


4. Looks genuine right? This is where the clever phishing technique via website spoofing has won over. Now before we move on, lets look at the actual genuine Eir top-up page :

Can you spot the difference?

5.The URL link from the spoofed website of Eir is https://my-eir.com/ whereas the genuine URL is https://www.eir.ie/mobile/top-up/quick-top-up/

 Note the subtle difference in the website domain?

6. Ok so I’ve entered my debit/credit card details into the spoofed domain. So what happens next?

 You are inadvertently sending your bank card details to the scammers and there authenticating these details with the bank in real-time. So you may spot a Google Wallet text message going to your phone by SMS saying that your payment was successful. Then a genuine SMS from BOI/AIB etc.

Essentially you have just transferred funds over to the website spoofers completely unbeknown to yourself.

 7. Can they take more funds from your account? The key thing here is to contact your bank and cancel your card with immediate effect to ensure the integrity of your bank account.

 8. Why has the domain https://my-eir.com/ not been detected as malicious? Even with great products like Microsoft Safe Links, this domain has not been detected, as it’s actually not a malicious link. There are no trojans/viruses etc that are stored with the domain itself to infect the end-user. Rather clever entrapment to acquire bank details.

 Advice here is to look up the domain with a solution such as https://www.virustotal.com/ to see exactly how clean the website is. Bare in mind it could very well come back as completely clean in the early stages. Below as of today, you can see it’s marked as suspicious as a phishing threat

 Actions to take from this phishing scam?

 Ensure phishing training is provided to your employees such as the Microsoft Attack Simulator programme. This is a good start to raise awareness within the company around these types of scams that can be extremely deceiving. Brand reputation is key and avoiding exposure to such scams has a lot to do with understanding of these types of latest threats.

 Contact Tier3Tech today on 01-5293555 or info@tier3tech.ie to learn more about staff training on Phishing Awareness for your company. 

Want More Information on Microsoft Secure Score?

Contact Tier3Tech today to find out more about Microsoft Secure Score and how our cloud optimisation services in Ireland can help your business.