So it started 2 days ago. I received a message on one of the freelance jobs websites.
Being a full-time freelancer, I'm always on the lookout for project enquiries, as they are my only source of income. As I responded to the enquiry, I got another message from my esteemed prospective client.
Even though it violates the policies of the job posting forum, a client asking you to look at a document outside of the forum for the complete requirements is not unheard of. So I opened the link and found myself here.
Now hold on!!! Can you spot what is wrong in two of the images above?
The document is clearly asking me to log in to OneDrive, yet the URL in the address bar doesn't read OneDrive or any other valid-looking Microsoft URL.
And here's the one step to avoid being phished online
If you need a very basic explanation on what Phishing actually is, this video explains it very simply:
So the only precaution to take to avoid a phishing attack is: LOOK AT THE URL.
That's it. If the URL in the address bar doesn't match the user interface it claims to be, just click away.
For fun, read on...
So how did I respond to this attempt? Like a real engineer?
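The check the post asks the reader to do by eye can be written down so the rules are explicit. The script below is an added example and not the author's; it assumes an allowlist of Microsoft sign-in hostnames that you maintain yourself, and a constructed list of brand words. It looks only at the hostname the browser actually connects to, which is why tricks such as user info before an "@", a brand name buried in a longer host, a bare IP address, or a punycode label all get flagged.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Hostnames Microsoft genuinely uses for OneDrive / account sign-in.
# The allowlist itself is an assumption of this example: maintain your own.
MICROSOFT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "onedrive.live.com",
}

# Brand words a look-alike host will usually contain (constructed list).
BRAND_WORDS = ("onedrive", "microsoft", "office", "live")


def address_bar_check(url, expected_hosts=MICROSOFT_LOGIN_HOSTS):
    """Compare the host in the address bar with the hosts the login page
    claims to belong to.  Returns {"host": ..., "safe": bool, "reasons": [...]}.
    """
    parts = urlsplit(url.strip())
    # .hostname already drops the port and anything before '@', so it is
    # the part the browser really connects to.
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []

    if parts.scheme != "https":
        reasons.append("not served over https")
    if "@" in parts.netloc:
        reasons.append("userinfo before '@' makes a different host look like the real one")
    if not host:
        reasons.append("no hostname in URL")
    else:
        try:
            ip_address(host)
            reasons.append("bare IP address instead of a hostname")
        except ValueError:
            pass  # not an IP literal, which is the normal case
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode label; its characters may mimic Latin ones")
        if host not in expected_hosts:
            reasons.append("host %r is not one of the expected login hosts" % host)
            if any(word in host for word in BRAND_WORDS):
                reasons.append("brand name appears inside an unrelated host (look-alike)")

    return {"host": host, "safe": not reasons, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample URLs: one genuine, the rest the kinds of tricks a
    # phishing page relies on the reader not noticing.
    samples = [
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://onedrive.live.com@evil.example/login",
        "https://onedrive.live.com.evil-host.example/auth",
        "http://203.0.113.5/onedrive/login.html",
    ]
    for u in samples:
        verdict = address_bar_check(u)
        print("SAFE " if verdict["safe"] else "PHISH", u)
        for r in verdict["reasons"]:
            print("      -", r)
```

The point of the allowlist is that a login page for a given service has a small, known set of hosts; anything else, however convincing the page looks, fails the check.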
I tackled this scammer in 3 steps:
The first thing to do was to take a look at what I was dealing with. A simple look at the HTML code gave me an idea of what I was going to do.
The scammer wanted to collect email addresses and passwords, so I decided to give him plenty of fake ones.
I wrote a simple Python script that tries the login with a fake email ID and password. Then I set this login attempt to run over and over, literally a million times.
I want to make clear here that the intent of this little thing I did is not just to annoy the scammer. We have to consider that this person has tried the same scam on hundreds of people. If any of them have tried logging in to that website, the scammer has access to their real login credentials. I just posted a bunch of fake entries into that database of theirs so that it gets harder for them to misuse that information, as they'll have to go through literally thousands of entries to find which ones work.
After this I also reported this website as a phishing website to every provider that would take notice, and sure enough, within 6 hours Google Chrome started showing this upon visiting the website:
Obviously this scammer will find another domain, another victim, another platform for their operations, but there are more.
So if you think anyone should read this, do share it with them. Or at least tell them this: DO CHECK THE URL!!