We’re going phishing in Americӓ!!!
How to spot phishing attacks
TL;DR; Stay woke! Always be suspicious, especially of things too good to be true.
Like every parent, my Mum cares a lot for us, and she’s always looking out for our progress. So this morning, she sent me this:
At first glance I was like whoa! The USA is opening its doors like that?
Then I saw the email address, and became suspicious. I then visited americaimmigration.us and saw this:
I immediately became convinced it was a scam, told her and she reached out to everyone she had told, to warn them.
Later today, I saw this tweet, that made me realize these attacks are only going to become more common place as our internet use grows, so everyone needs some basic knowledge of it.
I care about my family, so I showed them ways they can spot these things, and I want to share them with you.
Phishing is evil!
If you’re reading this to find more ways to exploit people, may a Container fall on your head.
In a phishing attack, a malicious person makes something fake and dangerous, look like something authentic, so that very few people get suspicious when they see it.
Some of the forms they can come in are:
1. Phishing User Profiles
I used to get lots of replies from twitter accounts like@ZenithBank050237 , asking me to send them private messages whenever I tweeted my problem.
A good way to spot these, is any account ending with multiple digits is NOT to be trusted, because they are throw-away accounts that anyone can just create and dump after a while.
Another way is the lack of a Verified marker for such an Entity as Zenith Bank. I remember being very suspicious of https://twitter.com/kudabank until they became verified.
2. Fake Email Addresses
Just like info@americaimmigration.us.
In this case, the person bought the http://americaimmigration.us website, but government websites usually end in .gov or .gov.<country> .
E.g.
.gov.uk for the United Kingdom
.gov.us for the USA
.gov.ng for NigeriaThese are called Top-level domains (TLDs), and the .gov ones are pretty-much restricted, so not anyone can just buy them.
When I saw a supposedly official letterhead from the US gov, ending with .us, I guessed something was up, because .us TLDs are not as restricted as .gov or .gov.<country> .
So now that you know this, always look at who is sending an email before you interact with it.
3. Web Links that are not what they seem
Here’s a totally innocent-looking web link:
https://puppies-and-cute-little-kittens.com
Go on, click that!
If you were rick rolled, it’s very easy to hide a link behind text that says something different.
Now imagine if the link had said,
https://a-totally-legitimate-bank.com
It might be far-fetched to ask you to always inspect links before you click them, but always look at the URL bar when you visit a page, to be sure you’re on the right page.
4. URLs that look legitimate
If after the last section you asked, “what if the URL looks legit”, you’ve come to the right place.
This tweet gives an excellent example:
Here, the a in gtbank is replaced with a unicode character ӑ , and it’s very possible to buy gtbӑnk.com for around $10 a year on Namecheap.
There are tons of other examples, making an exhaustive list a near impossible task, so I will leave you with these words of advice for staying safe on the Internet from Phishing attacks.
Stay Woke!
And like Bruce Banner in The Avengers, 2012,
Always be suspicious!
Attackers know that you like good things, and they will spend time, trying to find the perfect thing to appeal to your wants, so cross-check everything.
Have a great time on the Internet, guys!
