You’re first asked to log in to your PayPal account:īy this point, of course, the crooks are already ahead because you’ve just uploaded your password to their bogus site.įor a touch of reassurance, there’s a legitimate-looking visual delay before the crooks hit you with their next phishing page: If you click through, the phishing scam is uncomplicated and, at least at first sight, believable enough. Sure, a site without HTTPS is best avoided – anyone nearby on the internet can spy on what you are doing, because there’s no encryption.īut a site with HTTPS isn’t automatically trustworthy on that account alone.Īfter all, crooks can have valid driving licences or other government-issued ID, but those IDs only vouch for who they are, not for their honesty or trustworthiness. It doesn’t vouch for the honesty or accuracy of the information that gets served up to you. Remember, however, that HTTPS vouches for the security of the network communication between your browser and the website at the other end. HTTPS doesn’t guarantee truthĪs you can see above, both websites use HTTPS, which denotes secure HTTP. Most of us use our phones in portrait mode, leaving much less screen space to display long URLs, with the result that you generally see the just left hand end of the web address, and not the right hand end.Ĭrooks almost certainly can’t get hold of a server name that ends with, say, paypal DOT com, but can create any number of subdomains that start with paypal DOT and end with some unrelated domain.īut the suspicious-looking right-hand end of a full domain name often ends up invisible on a mobile phone because it won’t fit in the address bar.
Like these two reported by Naked Security readers recently:īoth website names used in these text messages were registered just a day or two before the messages showed up, presumably for the sole purpose of these very phishing campaigns.Īs we’ve warned before, a tricky problem with any web links you receive on your mobile phone is that it’s often harder to spot that a link is not what it seems. SMS messages are short and simple, with no room for “Dear Sir/Madam”, so people don’t expect to be greeted by name there are usually few pleasantries or polite words and there’s no need for fancy layout, icons, fonts or other typographical and artistic details.Īs a result, crooks can create believable fakes, with no obvious mistakes, fairly easily.
0 kommentar(er)
