Scam Number:
Scammer’s Website or Email: https://usr02-fdlty.com/login
Additional information about this scam:
Scam Number:
Scammer’s Website or Email: https://usr02-fdlty.com/login
Additional information about this scam:
Can any one of you figure out what are objectives this fake lander is trying to achieve ? @OfclyGoodenough @FIREFIGHTER619
The page looks to be down now. Large companies like Fidelity usually monitor for when lookalike domains get registered so they can take them down. At a high level, these pages will collect credentials for users, then threat actors will usually test to see if they can login to Fidelity, or see if those same set of credentials will work for something like social media, email, etc. If multi-factor authentication is setup for the user, they may even try to SMS phish the user into sending them the OTP so they can get in and transfer out money to their own accounts.
Having usr02 in the domain name is a little specific. I’m not sure if there might actually be a usr02[.]fidelity[.]com somewhere or if they are just picked that at random. I did see that within SAP, there’s USR02 table that stores logon data, so that could have some significance.
The direct link returns a 503 error but if you go to usr02-fdlty dot com you get the phishing page. It collects username, password and phone number. I baited it but haven’t gotten any calls or OTP code requests yet. The ending page is this: https://usr02-fdlty.com/processing .
This single url has been active for too long , it does not open on vpns or other Geos mostly works on American residential IPs. I have reported it to the issuer of the domains ( Godaddy ). I hope they Shut it down .