Good afternoon everyone and welcome back to another post from ToBeSecured. There is only a week and some change left of February which means you should start planning now. The goals that you haven't had time to accomplish are now pending for the month of March if you don't conquer them in the next 10 days. On yesterday's episode of Cyber Tuesdays, I discussed how people steal the content of others, create a copy of a user's profile page, and pretend to be that user in hopes of scamming or tricking other people. If you've ever been a victim of identity theft or know someone who has, share the video with your friends and family. Stay tuned also for some exciting news and upcoming things that are pending.
On today's topic of ToBeSecured, a post from Medium caught my attention about SMS phishing attacks, or smishing. Today, I'll help you in spotting these kinds of scams and some tips if you happen to fall into a trap!
I'll begin with stating if you accidentally or purposefully open a phishing text, check the domain of the link that's attached. The domain shouldn't be a name that you trust or even recognize in this case. If possible, try and click on things at the footer of the webpage and check for the copyright. Its 2020 which means I need to update my footer of my blog before someone thinks I'm trying to scam! But, yes 2020 should be the year next to the copyright symbol. If some or most of the links in the footer do absolutely nothing, that's a red flag.
Another thing is we've been brainwashed to think the padlock in front of a URL is a great sign that you're on a trusted site. But, nowadays anyone can have a padlock on a website.
Here's where Google Chrome comes into the issue. I'm not sure if the author of this post had issues with the browser because they were using an android or if they didn't configure chrome to locate hacker-made sites. Either way, Safari notifies me of sites that look real phishy as well as Chrome via my mobile phone and work computer. I cannot say the same for my PC only because I will be trashing it soon since it was used only for homework purposes. In the case of the author, whenever they navigated to the link via their mobile device, there wasn't any big red warning message! The message usually pops up as: “Deceptive Site Ahead!” with the warning sign to notify the viewer.
If you come across a login page after clicking the link, try logging in with made up information and see if you get an error message or if it allows you to proceed, that's also a red flag. If you proceed, you'll probably notice you still aren't logged in but on the hacker's end, they have processed that made-up information.
Here's what happens if you enter real information: you've given away your name, email address, password, phone number, and other additional information associated with your account. All of this information can be sold on the dark web (black market) for profit or used directly to commit fraud or to gain access to your accounts.
If you do fall for a scam like this, change all of your passwords, change all of your security questions, enable Multi-Factor Authentication on all of your accounts that support it, contact your bank, and contact the relevant authorities for reporting cybercrime and fraud.
What are your thoughts on this topic? Subscribe to my blog if you haven't already and follow my Instagram - ToBeSecured for CyberTuesday vlogs. I will be launching my YouTube channel soon so be on the lookout for that as well. Thank you for tuning in and remember ToBeSecured!
Comments