Sunday, January 17, 2021

Script of a phishing, smishing attack, how fake links, websites and emails works?

 Through the news on the internet came across the two articles about:-

  • The Chinese nationals operating in India and carried out the fraud by just simple links. (will explain how such frauds operate)(please refer to Crimetak news channel youtube link https://youtu.be/BreBz3nw_5w)
  • The Prominent former NDTV anchor was the victim of a phishing attack (a term commonly used in bank-related online fraud but has a vast meaning, please refer to this) when an offer of Harvard journalism professorship found fake.

Being a graduate we know how this scoop work, you know why? Because in our life we all are at some stage are the victim of such phishing attacks, maximum unknowingly. 

In the early days of graduation, the internet was in its premature stage so do we. In those days, we had a long list of stories just like that about fake websites fake interviews. I have a ton of such stories. With the evolution of the internet the prima facie act of such scams never changed a bit, only a few toppings were added in the recipe of scam. 

The goal is to trick you into believing that a message has arrived from a trusted person or organization, and then convincing you to take action that gives the attacker exploitable information (like bank account login credentials, for example) or access to your mobile device.

Such scam works in layers that exist as early as the 1990s. The most common scams encountered these days are:

  • Fake emails with links to various job offers. (nowadays many websites has a prior popup about their hiring process and explaining how on can be fooled by their names)
  • Fake websites offering different perks. (about franchise, lottery & other lucrative stuff)
  • Fake links of apps that stole data from mobile devices and laptops. (hacking is just a little part of that we always worried about but the actual risk involved are too much)
  • Creating a clone Facebook id, and asking for money.
  • Smishing is a cyberattack that uses misleading text messages to trick victims into sharing valuable information, installing malware, or giving away money.
  • Phishing, smishing, vishing all have the same script but the mode of the apprentice is different.

With lots of stuff going on the WhatsApp policy updates, such scams surfacing getting media attention and coverage, and all of sudden we are all wondering what kind of situation we are all into it, on the open ground of the internet. You all have come across posts and articles about the same. Am,I right?

Now wondering how we can prevent ourselves from such horrors’ (ferocious) acts on the internet. The simple answer is fully bulletproof plan is impossible but as doctors always say “prevention is better than cure”.

So now try to understand what are the steps of this script but before that, it is important to be aware of how these scammers work.

A simple lesson to learn is “nothing is free in this world, if someone offers something for free, then my friend believe it or not “Product” is you only”.

I am no hacker but I can simply learn your location, mobile device info, your IP address, mobile connection (much more) I can do all these from a simple link, I just shared in this article. (how?)

You all will be wondering what? How? 

I simply shared a link, you clicked on it and it takes you where you wanted to be or what it said to do (in this case youtube video of the official page of Crimetak).

Then how I got all this information related to you.

Did I add something to the link that was not visible or you just ignored the little details? The answer is both. 

You know “how”? 

Let me explain it to you. All scammers have the old-school basic typical script that they follow in their hearts which starts, when you receive an SMS email phone call or visit a website, asking to click a link or allowing cookies for a better experience.

There are few Indicators that should always ring a bell but we mostly ignore them:

  • Receiving texts/communication using unnatural or use of ungrammatical language,
  • Offers that seem too good to be true, usually they are
  • Scripts asking to click embedded links or download apps directly from a text message(which you just did which I shared)(if not, by curiosity visited the link at least once to look at what was in it)
  • The IRS and Social Security Administration don't communicate via text. (they started doing now, but a few things must be kept old school)
  • Allowing cookies while surfing the website. (we just ignore the popup message and click allow)
  • Saving our password on the different websites and web browser

What I did was sharing a piece of genuine information with a valid link but in between the link I added few scripts that were visible but ignored by all (cookies also do the same)

Any genuine link always start with https:// but was my link the same? No, similarly all the links have similar characteristics, anything before https:// is a sign of a manufactured link, which may result in data theft. Few examples are:

  • Check shortened URLs
  • Look for misspellings
  • Keep an eye out for an extra URL words

 

Please Read More: Tips and Tricks while using the internet.

No comments:

Post a Comment