Through the news on the internet came across the two articles about:-
- The Chinese nationals operating in India and carried out the fraud by just simple links. (will explain how such frauds operate)(please refer to Crimetak news channel youtube link https://youtu.be/BreBz3nw_5w)
- The Prominent former NDTV anchor was the victim of a phishing attack (a term commonly used in bank-related online fraud but has a vast meaning, please refer to this) when an offer of Harvard journalism professorship found fake.
Being a graduate
we know how this scoop work, you know why? Because in our life we all are at some stage are the victim
of such phishing attacks, maximum unknowingly.
In the early days
of graduation, the internet was in its premature stage so do we. In those days,
we had a long list of stories just like that about fake websites fake
interviews. I have a ton of such stories. With the evolution of the internet
the prima facie act of such scams never changed a bit, only a few toppings were
added in the recipe of scam.
The goal is to trick you into believing that a message has arrived
from a trusted person or organization, and then convincing you to take action
that gives the attacker exploitable information (like bank account login
credentials, for example) or access to your mobile device.
Such scam works in
layers that exist as early as the 1990s. The most common scams encountered
these days are:
- Fake emails with links to various job offers. (nowadays many websites has a prior popup about their hiring process and explaining how on can be fooled by their names)
- Fake websites offering different perks. (about franchise, lottery & other lucrative stuff)
- Fake links of apps that stole data from mobile devices and laptops. (hacking is just a little part of that we always worried about but the actual risk involved are too much)
- Creating a clone Facebook id, and asking for money.
- Smishing is a cyberattack that uses misleading text messages to trick victims into sharing valuable information, installing malware, or giving away money.
- Phishing, smishing, vishing all have the same script but the mode of the apprentice is different.
With lots of stuff
going on the WhatsApp policy updates, such scams surfacing getting media
attention and coverage, and all of sudden we are all wondering what kind of
situation we are all into it, on the open ground of the internet. You all have
come across posts and articles about the same. Am,I right?
Now wondering how
we can prevent ourselves from such horrors’ (ferocious) acts on the internet.
The simple answer is fully bulletproof plan is impossible but as doctors always
say “prevention
is better than cure”.
So now try to
understand what are the steps of this script but before that, it is important
to be aware of how these scammers work.
A simple lesson to learn is “nothing is free in this world, if someone offers something for free, then my friend believe it or not “Product” is you only”.
I am no hacker but I can simply learn your location, mobile device
info, your IP address, mobile connection (much more) I can do all these from a
simple link, I just shared in this article. (how?)
You all will be
wondering what? How?
I simply shared a
link, you clicked on it and it takes you where you wanted to be or what it said
to do (in this case youtube video of the official page of Crimetak).
Then how I got all
this information related to you.
Did I add something to the link that was not visible or you just
ignored the little details? The answer is both.
You know “how”?
Let me explain it
to you. All scammers have the old-school basic typical script that they follow
in their hearts which starts, when you receive an SMS email phone call or visit
a website, asking to click a link or allowing cookies for a better experience.
There are few Indicators that should always ring a bell but we
mostly ignore them:
- Receiving texts/communication using unnatural or use of ungrammatical language,
- Offers that seem too good to be true, usually they are
- Scripts asking to click embedded links or download apps directly from a text message(which you just did which I shared)(if not, by curiosity visited the link at least once to look at what was in it)
- The IRS and Social Security Administration don't communicate via text. (they started doing now, but a few things must be kept old school)
- Allowing cookies while surfing the website. (we just ignore the popup message and click allow)
- Saving our password on the different websites and web browser
What I did was
sharing a piece of genuine information with a valid link but in between the link I added few scripts that were visible but ignored by all (cookies also do
the same)
Any genuine link
always start with https:// but was
my link the same? No, similarly all the links have similar characteristics,
anything before https:// is a sign
of a manufactured link, which may result in data theft. Few examples are:
- Check shortened URLs
- Look for misspellings
- Keep an eye out for an extra URL words
No comments:
Post a Comment