An example showing that phishing scams have become so sophisticated that even experts can nearly be fooled


by

Pawel Janiak

Phishing scams that extract credit card numbers and account information via URLs in emails are becoming increasingly common, and their methods are becoming more sophisticated. Jeffrey Ladish, a security expert, shared details of a recent scam, saying he very nearly failed to notice it was a phishing scam.

Anatomy of a rental phishing scam - jeffreyladish.com
https://jeffreyladish.com/anatomy-of-a-rental-phishing-scam/

Phishing scams that send text generated by computers rather than written by humans can often be identified as scams because the text reads unnaturally. In the scheme that Ladish encountered, however, the text was very natural, and he only realized it was a fraud at the third email exchange.

Ladish nearly fell victim while looking for a rental home in San Francisco, USA, on Craigslist. Having found a property he liked in the listings, Ladish shared his phone number with the landlord via email and asked for the landlord's phone number, which was not listed on the page.



Then the following reply came from the email address '[email protected]'. The email, from a person claiming to be 'David Grinde', said, 'I'm far away for work and I'm not using the house,' and 'I'm looking for someone to rent it long term, for at least three months.' It also listed questions, such as the rental period, the number of people moving in, and annual income, in a question-and-answer format. Ladish found it odd that David Grinde was talking about things he had not asked about, but did not consider it a phishing scam at this point.



This was because, in the course of searching for rental homes, Ladish had found that many landlords lived far away from their properties, so the content itself was not unnatural. The questions were also ones a landlord would naturally care about, and there were no grammatical oddities. Ladish replied to the email and answered the questions. The other party responded, 'Okay, I'd like to rent the home to you,' but when Ladish asked for a phone number, the reply was, 'I don't have a mobile phone. I want to proceed by email.'



Then, when the other party offered to 'pay via Airbnb', Ladish began to suspect that this might be a phishing scam. The email was accompanied by a picture of the person claiming to be David Grinde, but Ladish says this too gave him the impression that the sender was trying to convince him that he was a real person.

Ladish then asked for the Airbnb URL in order to confirm the phishing scam. The following is the email sent by the other party. The link reads 'https://airbnb.com/rooms-83710948 ... ...', and at first glance it looks like a regular Airbnb URL.



However, checking the link destination revealed that the domain was actually 'https://airbnb.com.rooms-83710948.town' instead of 'https://airbnb.com/rooms-83710948'.



This is the linked page when actually opened. When the screenshot was taken, 'Dangerous' was displayed in the address bar, but this warning did not appear at first, while Ladish was still corresponding with the sender.



According to Ladish, 'The phishing team's operation was solid. Their English was perfect, their emails looked professional, and their phishing sites looked exactly like Airbnb. engineers-hibernia-chevron.ca is also redirected to the website https://www.hibernia.ca/, which adds legitimacy.'

In addition, Ladish's analysis is that the phishing team had intentionally omitted information such as phone numbers. This way, the renter has to ask the landlord by email for the phone number and the Airbnb URL, which creates the feeling of 'putting the other party to trouble'. It is also clever that the scammers built an impression of reliability through repeated exchanges before finally bringing in the Airbnb URL. 'If they had asked for bank account information at an early stage, I would have been wary and seen through the fraud right away,' said Ladish.

Based on this experience, Ladish offers the following four points for protecting yourself online.

1: Check the link source when you interact with strangers online.
2: Remember that email addresses can be fake and domain names are not always what they look like. An email from the address '[email protected]' is not really an email sent by the FBI.
3: Look for signs that the other person is trying to convince you that they are real.
4: The first thing that felt off this time was that the other party said they could only communicate by email. When interacting with a remote person, you should use multiple methods, such as video calling and Facebook, to confirm that the person is genuine.
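
Points 1 and 2, and the mismatch between the displayed Airbnb link and its real destination described above, can be checked mechanically. The following is an added example, not code from Ladish or from this article; the TRUSTED list, the function names and the sample email body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("airbnb.com",)  # assumption: sites the reader actually expects

def host_of(text):
    """Hostname of a URL-like string ('' if none); accepts scheme-less text."""
    parts = text.split()
    if not parts:
        return ""
    url = parts[0] if "://" in parts[0] else "//" + parts[0]
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def owned_by(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_link(shown_text, href):
    """Return a list of warnings for one link (empty list = nothing found)."""
    real, shown, warnings = host_of(href), host_of(shown_text), []
    if "." in shown and shown != real:
        warnings.append(f"text shows {shown} but link goes to {real}")
    for brand in TRUSTED:
        # Hostnames are owned right to left: the brand must be at the END.
        if not owned_by(real, brand) and brand in real:
            warnings.append(f"{brand} appears inside unrelated host {real}")
    return warnings

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_email(html_body):
    """Map each flagged href to its warnings."""
    collector = LinkCollector()
    collector.feed(html_body)
    return {h: w for t, h in collector.links if (w := check_link(t, h))}

# Constructed sample body, modelled on the two URLs quoted in the article.
SAMPLE = ('<p><a href="https://airbnb.com.rooms-83710948.town">'
          'https://airbnb.com/rooms-83710948</a> and '
          '<a href="https://www.airbnb.com/help">Airbnb help</a></p>')
```

Calling audit_email(SAMPLE) flags only the first link, with one warning for the text/destination mismatch and one for 'airbnb.com' appearing at the start of a hostname that actually belongs to a '.town' domain.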

in Note, Posted by darkhorse_log