Timothy R. Primrose, Mobile Forensic Analyst
Millions of people have cell phones and use them to send text messages and browse the web daily. Many of these people have also fallen victim to phishing scams. Phishing is the process by which someone digitally disguises themselves as a trustworthy source to obtain personal information or data such as usernames, passwords, social security numbers, or credit card numbers.
A phishing message is intended to look authentic; however, it is baited to lure you in. Attention-grabbing words such as “hacked” or “compromised” may be used, in conjunction with the color red and exclamation points, to reel people in to provide their “bank account” or other targeted pieces of information as quickly as possible. The phishing message may prompt a user to input their bank account number, username, or password to resolve falsified issues with their account, payment information, or suspicious account activity. However, the information inputted by the user is sent directly to the scammer and not the bank. Emails, text messages, and advertisements are all possible sources that may provide a phishing portal. Personal information entered or login attempts might grant the scammer access to your accounts, possibly with answers to your security questions.
The following is an email that was forwarded to me from email@example.com. The email is from “Netflix.” The first identifier that this is a phishing email is the email address listed at the top. An email from Netflix would be sent from an email address such as firstname.lastname@example.org, not a long string of gibberish. If you read through the email, you will notice the second identifier that this is a phishing email: multiple grammar issues. A simple way to avoid this scam is to log in to your account on a computer and look at your account details there instead of clicking the link included in the email. I did not have to check my account details on the official Netflix website; I simply accessed Netflix on my TV and started watching The Office. If my account was frozen due to a subscription payment failure, I would not have been able to stream anything through Netflix.
To avoid a phishing scam, use trusted sources for your accounts. Before inputting your credentials into an unknown source, call or visit the local branch of your bank, or call the credit card company directly at the number on the back of your card. Avoid free prizes; you more than likely did not win a boat or a $1000 Amazon gift card for being the 100,000th visitor to a website.
See if you can decipher which Facebook login below is malicious and would steal the input information.
Can you tell which login screen is malicious? If not, look again, as most phishing scams would not be as obvious as the man in a hat shown in the image on the right. Oftentimes logos will be altered or missing altogether.
Make sure that you are signing into the appropriate platform whenever logging into an account-based app or website portal. Don’t get caught in a phisher’s net; be cautious about whom you provide your personal information to.
Timothy R. Primrose, Mobile Forensic Analyst with DJS Associates, Inc., can be reached via email at experts@forensicDJS.com or via phone at 215-659-2010.