SMShing : Don’t let new tactics get you phished!

Evolving and progressing in life goes hand in hand. One must always make efforts to progress so life doesn’t get stagnant. However, in recent years phishers seem to have taken this mantra way too seriously; as every year they tend to come up with new tactics to phish their victims. Just with the onset of the new decade, phishers came up with a new technique to swindle victims using the same old phishing technique but with a new twist to make it look more genuine and easy to trick.

What is the hype all about?

In the month of January this year, computer expert Terence Eden brought into the knowledge of people about a new trick that is being used by the phishers. Reportedly, the phishers sent a message to his wife masquerading themselves to be from EE asking for personal information using a different type of URL. Fortunately, Eden’s wife was not a user of EE; however, Eden did manage to notice a weird and new thing in the message. The message read:

As can be clearly seen in the URL above, the phishers have managed to use three elements to make it look genuine.

1. The use of HTTPS://
2. Using the real and official subdomain, that is ee.co.uk and,
3. The main element of the date, that is Jan 02

What is the cause of concern

The elements as stated above has caught all the attention and also the causes of concern.

1. Use of HTTPS:// – One of the main concerns and reason to worry about is the throwaway prices at which the domain servers provide sub-domain these days. Anyone can easily get access to domain names of popular and established companies, making it difficult for non-tech savvy and people unaware of such attacks to become prey of one. These hoax websites manage to get the SSL certificates due to which the sign of lock is shown in the address bar; which makes the whole act look even more real.
2. The ee.co.uk was just a subdomain that was replicated and constructed by adding other information which is usually not added in phishing e-mails, making them look more genuine.
3. The current date was added in the URL which is a new card played by the phisher. When a potential victim comes across such a message, they see “jan02.info” which makes them believe that the link has been directed from the company itself.

To sum up final thoughts

The beginning of the new decade has brought with itself some new risks as well. Phishers are trying their best to stay one step ahead and trick people into traps. However, as an aware netizen, you must try not to fall in such a trap and be alert with the link and websites you are visiting. Keeping track of all the new tricks used by phishers and the precautions available to protect oneself will help you in the long run.