When was the last time you received a phishing attempt through text? I’m guessing it was earlier this week, if not at some point today. Being part of the cybersecurity community keeps us watchful and aware of the ways scammers try to steal our information. But how adept are our parents at spotting these scams? The dangers of online scams and mobile phishing are real and everywhere. Yet, many of our parents and grandparents are navigating this new form of deception without much understanding.
Today provides you with the opportunity to open the door to a conversation about mobile phishing. Take Your Parents to Lunch Day is celebrated on the 11th of October and offers you the chance to not only spend quality time with the family that came before you but also open the door to a conversation that will help keep them a bit safer on their phones. So, invite your parents to lunch and then take a screen capture of the mobile phishes you’ve seen lately to create a “teachable security moment.”
Here's an example of a phish that I received just this morning and some details on what you/they should be on the lookout for:
1.) Misspellings and poor English grammar - This phisher referenced a “wearhouse” and the word address is definitely not “adddress.” The rest of the message is stilted with confusing directions, asking the reader to “Reply to 1…”. The list of directions is also confusing and out of the normal, never taking the recipient back to amazon.com or the phone app.
2.) The link seems wrong - You’d expect Amazon to take you back to amazon.com with some extension…instead, this link is to “amazon.gasre.top” which is suspicious. This bad link is more obvious than usual. Many phishes will just offer some text with an embedded link, so you need to hover over it (without clicking) to see the actual link address.
3.) Who’s it from? - While you can get phone numbers from large corporations, they often now use short codes. Also, legitimate texts about this topic would generally include more explanation and offer additional contact options rather than just one link. It’s also not a bad idea to check settings in Amazon to understand if they even have texting set up as a communication option. If not, getting a text from Amazon is odd.
While a single conversation may not prevent every phishing attempt you or your parents may face, I think just spending time with them discovering this mobile phishing will cause them to look a little closer at these things.