An example showing that phishing scams have become so sophisticated that even experts can nearly be fooled
by Pawel Janiak
Phishing scams, which steal credit card numbers and account information through URLs included in emails, are on the rise, and their tricks are becoming more sophisticated. Security expert Jeffrey Ladish has disclosed the latest scam technique, saying he came close to not noticing that it was a phishing scam.
Anatomy of a rental phishing scam - jeffreyladish.com
Phishing scams that send text generated by computers rather than written by humans can often be identified as scams because the text reads unnaturally. However, in the scheme that Ladish encountered, the text was very natural, and he only realized it was a fraud at the third email exchange.
Ladish was nearly scammed while looking for a rental home in San Francisco, USA, on Craigslist. Having found a property he liked in the listings, Ladish emailed the landlord his own phone number and asked for the landlord's phone number, which was not listed on the page.
A reply then came from the email address "(email protected)". The email, from a person claiming to be "David Grinde", said "I'm far away for work and I'm not using the rental house" and "I'm looking for someone to rent it long term, for at least 3 months". It also listed questions in a question-and-answer format about the rental period, the number of people moving in, and annual income. Ladish thought it odd that David Grinde was talking about things he had not asked about, but did not consider it a phishing scam at this point.
This was because many of the landlords he had come across while searching for rental homes lived far from their properties, so the content itself was not unnatural. The questions were also ones a landlord would care about, and there were no grammatical oddities. Ladish replied to the email with answers to the questions. The other party answered, "Okay, I'd like to rent you the home," but when Ladish asked for a phone number, replied, "I don't have a mobile phone. I want to proceed by email."
Then, when the other party proposed to "pay via Airbnb", Ladish says he began to suspect, "Is this a phishing scam?" The email also came with a photo of the person claiming to be David Grinde, and Ladish says this too gave him the impression that the sender was trying to convince him that he was a real person.
Ladish then asked for the Airbnb URL in order to confirm whether this was a phishing scam. In the email the other party sent, the link read "https://airbnb.com/rooms-83710948 … …", which at first glance looks like a regular Airbnb URL.
However, when he checked the link destination, he discovered that the domain was actually "https://airbnb.com.rooms-83710948.town" rather than "https://airbnb.com/rooms-83710948".
The linked page was then actually opened. By the time the screenshot was taken, "Dangerous" was displayed in the address bar, but this warning did not appear at first, while he was still exchanging emails with the other party.
According to Ladish, "The phishing team's operation was solid. Their English was perfect, their emails looked professional, and their phishing site looked exactly like Airbnb. The domain engineers-hibernia-chevron.ca also redirects to the website https://www.hibernia.ca/, which adds legitimacy."
Ladish also concluded that the phishing team had intentionally omitted information such as the phone number. That way, the renter has to ask the landlord by email for the phone number and the Airbnb URL, which creates the feeling of putting the other party to trouble. It is also clever, he says, that they built an impression of being "reliable" through many exchanges before finally sending the Airbnb URL. "If they had asked for bank account information at an early stage, I would have been on guard and seen through the fraud right away," said Ladish.
Based on this experience, Ladish offers the following four points for protecting yourself online.
1: Check where links actually lead when you interact with strangers online.
2: Remember that email addresses can be faked and domain names may not be what they look like. An email from "(email protected)" is not actually an email sent by the FBI.
3: Look for signs that the other person is trying to convince you that they are real.
4: The first thing that felt off this time was the other party saying they could only communicate by email. When dealing with someone remote, you should use multiple channels, such as video calls and Facebook, to confirm that the person is genuine.
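The check behind points 1 and 2, and behind the airbnb.com.rooms-83710948.town discovery described earlier, written out as an added example (it is not code from the article or from Ladish): it compares the host a link displays with the host its href actually targets, and tests whether that host really belongs to a trusted domain. The SAMPLE HTML is constructed from the two URLs quoted in the article, and the function and class names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: link text and href modelled on the two URLs in the article.
SAMPLE = ('<p>Pay here: <a href="https://airbnb.com.rooms-83710948.town">'
          'https://airbnb.com/rooms-83710948</a></p>')

def host_of(url):
    """Lowercase hostname of a URL, or "" if the string has none."""
    try:
        return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def belongs_to(host, trusted_domain):
    """True only for trusted_domain itself or a subdomain of it.
    DNS names are read right to left, so the match must be on the end of
    the host at a label boundary; a prefix or substring match is wrong."""
    return host == trusted_domain or host.endswith("." + trusted_domain)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html, trusted_domain):
    """One finding per link: host shown, host actually targeted, verdicts."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return [{"shown_host": host_of(text), "real_host": host_of(href),
             "text_matches_href": host_of(text) in ("", host_of(href)),
             "trusted": belongs_to(host_of(href), trusted_domain)}
            for text, href in collector.links]
```

Calling `audit(SAMPLE, "airbnb.com")` reports a link whose visible text names airbnb.com while its href targets a host that merely begins with that string and ends in `.town`.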