I realized early on that if I didn’t teach my kids how to identify and avoid likely attacks on their laptops and phones, no one would. [Though, I wish I had come to this realization before I had to spend a whole day cleaning malware off their device because they clicked on something they shouldn’t have.] Nevertheless, when I see an opportunity for a “teachable security moment” I grab it, and last week this mobile phish appeared on my phone. I captured a screenshot to share with my children and we played a little “spot the phish” game, where they would point out all the things that made this text suspicious. Here’s what they discovered:
1- Misspellings and poor English grammar. They quickly saw that “Pleasecheck” is one word, and that the rest of the message is stilted with missing words or words in the wrong order…like “Pleasecheck carefully your Amazon account” where the word carefully is in an atypical location in the sentence. Additionally, people would more commonly talk about an unusual login rather than an abnormal login, and the message says to “link” rather than “click” to recover your account.
2- The blue link seems wrong. You’d expect Amazon to actually take you back to amazon.com with some extension…instead this link is to “amzon-1. shop” which is clearly suspicious. In fact, I explained that this bad link is actually more obvious than usual. Many phishes will just offer some text with an embedded link, such that you would need to hover over it (without clicking) to see the actual link address.
3- Who’s it from? This last one took a while to find, but finally they noticed that it’s actually from a phone number. While you can get texts from phone numbers belonging to large corporations, they often now use short codes. Also, legitimate texts about this topic would generally include more of an explanation and offer additional contact options rather than just the one link. I was also able to point out that I don’t have texting set up as a communication option with my Amazon account, and so getting a text from Amazon struck me as very odd and caused me to question it.
I don’t know if my kids will remember these lessons, but I like to think that just spending the time with them discovering this mobile phish will cause them to look a little closer at these things. I invite you to do the same with your family, and I hope that you avoid some unpleasant headaches down the road.
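The link and sender checks from points 2 and 3 above can also be automated, for example when triaging texts that family members or staff forward to you. The sketch below is an added example, not part of the original post; the brand table, the TLD list, the sample message, the sender numbers and the 5-6 digit short-code length (US convention) are assumptions made for illustration.

```python
import re

# Assumptions for this example: brand -> real domain, and a short TLD list.
BRANDS = {"amazon": "amazon.com"}
TLDS = "com|net|org|shop|info|top|xyz"

# Constructed sample, built from the fragments quoted in the post.
SAMPLE_SMS = ("Pleasecheck carefully your Amazon account, we detected an "
              "abnormal login. Link to recover: amzon-1. shop")

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss brand spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_domains(text):
    """Pull host names out of a message, tolerating "amzon-1. shop" spacing."""
    pat = r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)*)\.\s?(%s)\b" % TLDS
    return [f"{host}.{tld}" for host, tld in re.findall(pat, text.lower())]

def sms_red_flags(sender, body):
    """Return a list of human-readable warnings for one text message."""
    flags = []
    digits = re.sub(r"\D", "", sender)
    if len(digits) > 6:  # assumed: short codes are 5-6 digits
        flags.append("sender is a full phone number, not a short code")
    for brand, real in BRANDS.items():
        if brand not in body.lower():
            continue  # message does not claim to be from this brand
        for dom in find_domains(body):
            if dom == real or dom.endswith("." + real):
                continue  # link really is on the brand's own domain
            # Compare the registrable label, ignoring digits and hyphens.
            label = re.sub(r"[^a-z]", "", dom.split(".")[-2])
            if edit_distance(label, brand) <= 2:
                flags.append(f"{dom} imitates {real}")
            else:
                flags.append(f"{dom} is not {real}")
    return flags

if __name__ == "__main__":
    for flag in sms_red_flags("+1 (555) 010-0199", SAMPLE_SMS):
        print("RED FLAG:", flag)
```

A clean result only means these two checks found nothing; the grammar and "did I ever sign up for texts?" questions from the list still need a human.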