Phishing 101: The Abracadabra Coin Bait They Haven’t Warned you About!

Steve Matindi
3 min read · Jun 10, 2022

Phishing, a social engineering attack that uses deceptive emails, text messages and websites to steal private user data, has been an attacker’s personal ‘bestie-bestie’ weapon for a looong time (I had to use Morgan Freeman’s voice when saying “looong time”, so satisfying, try it). Anyway, attacks that start with a phishing message have grown sharply, especially during the COVID-19 era, thanks to the rapid shift to digital services.

To those of you who got a chance to try out investing in cryptocurrency, I believe you’ve learnt a lot by now. You’re the group I’m targeting in this post today. If there was an award for the bravest and strongest at heart, the award would definitely go to you :) I’d name the trophy “This Human is Brave” ’cause you guys have survived wave after wave of trials: covid + market crash v1 + market crash v2…but all is good.

Anyway, to cut the story short, there’s this phishing email a friend of mine from Twitter received that caught my attention, and I had to alert you about it. Below is a screenshot of it:

If your non-techie friend who’s into crypto saw this in their inbox, what do you think she/he/they (let’s forget about pronouns for now) would do? You guessed it right: they’d probably click on the link(s) without giving it a second look.

Let’s now break down the above email into chunks for proper awareness. First, this email is very unlikely to be flagged as spam: it is sent by Google Forms itself from a google.com address (**.google[dot]com), so SPF, DKIM and DMARC checks all pass, and the phishing content sits inside an ordinary form-response summary rather than in anything a filter recognises as malicious. Second, it abuses the “Send me a copy of my responses” feature: the attacker fills out their own form with the lure text and links, enters the victim’s address as the respondent, and Google dutifully emails the victim a copy of those “responses”. The result is a message that looks like a routine receipt and nudges the victim into clicking the crafted links.

You’re probably floating in thoughts by now, like:

Like, how has this been happening? It works because anyone with a Google account (a Workspace account or a regular one) can create a form and have Google send the response copy from its own “no-reply@..” address. Nothing is spoofed, so the defence against forged senders that Google would otherwise apply never triggers; the mail is genuine, only its contents are not.
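Because the sender really is Google and every authentication check passes, the only reliable signal in this bait is where the links inside the body lead. As an added example that is not part of the original post, here is a small Python triage script that parses a raw message, records the SPF/DKIM/DMARC verdicts and sender domain, and then lists every link that leaves Google’s own domains. The sample message, its sender address, its links and the `TRUSTED_SUFFIXES` allowlist are all constructed for illustration; the post’s real screenshot is not reproduced.

```python
"""Triage a "copy of your responses" email of the kind described above.

Added example, not code from the original post.  It reads a raw RFC 822
message, records what the Authentication-Results header says about SPF,
DKIM and DMARC, takes the sender domain, then pulls every link out of the
HTML body and separates the ones that lead off Google's own domains.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, modelled on the bait the post describes.  The sender
# address and the link targets are made up for the example.
SAMPLE_EML = """\
From: Google Forms <no-reply@google.com>
To: victim@example.com
Subject: Abracadabra Coin Airdrop - copy of your responses
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=google.com; dkim=pass header.d=google.com; dmarc=pass header.from=google.com
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Thanks for filling out Abracadabra Coin Airdrop. Here's what was received.</p>
<p>Your wallet is eligible for the airdrop. Claim now:
<a href="https://abracadabra-claim.example.net/wallet">Claim tokens</a></p>
<p>Or connect your wallet directly: <a href="http://198.51.100.7/connect">Connect</a></p>
<p><a href="https://docs.google.com/forms/d/e/EXAMPLE/viewform">Edit your response</a></p>
</body></html>
"""

# Domains whose links are expected in a genuine Forms receipt.  This is an
# assumption for the example; tune the allowlist for your own environment.
TRUSTED_SUFFIXES = ("google.com",)


class _LinkCollector(HTMLParser):
    """Collects the href target of every <a> tag it sees."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.links.append(value.strip())


def is_trusted_host(host):
    """True if host is a trusted domain or a subdomain of one.

    The suffix match is anchored on a dot, so google.com.evil.example and
    notgoogle.com are not trusted.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def parse_auth_results(header):
    """Extract spf/dkim/dmarc verdicts from an Authentication-Results header."""
    results = {}
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header or "", re.I):
        results[method.lower()] = verdict.lower()
    return results


def extract_links(html):
    collector = _LinkCollector()
    collector.feed(html)
    return collector.links


def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    links = extract_links(html)
    external = [u for u in links if not is_trusted_host(urlparse(u).hostname or "")]
    auth_ok = all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    # Authentication passing on a google.com sender proves only that Google
    # sent it.  A receipt that carries links to other domains is the lure.
    verdict = "SUSPICIOUS" if external else "OK"
    return {"from_domain": from_domain, "auth": auth, "auth_ok": auth_ok,
            "links": links, "external_links": external, "verdict": verdict}


if __name__ == "__main__":
    report = triage(SAMPLE_EML)
    print(f"sender domain : {report['from_domain']}")
    print(f"auth          : {report['auth']} (all pass: {report['auth_ok']})")
    for link in report["external_links"]:
        print(f"external link : {link}")
    print(f"verdict       : {report['verdict']}")
```

Run against the constructed sample, the sender domain is google.com and SPF, DKIM and DMARC all pass, yet the verdict is SUSPICIOUS because two of the three links point outside Google (one of them to a bare IP address). That is the check worth teaching your friends: a clean sender line and a green authentication badge tell you who relayed the mail, not who wrote it.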

Time to trash it: what to do when you receive a phishing email

So, What should you do when you receive a phishing email?

If you receive a suspicious email, do not interact with it: do not download any attachments or click on the links, no matter how convincing they are. With this Google Forms bait in particular, do not trust the sender line or a “passed” authentication check; the tell is that you never filled in any form, and that the links point somewhere other than Google. Mark it as junk/spam and delete it, and report it to your security team or friend(s) so that they can avoid falling for the same phishing attempt. If the message links back to the form, the form itself can be reported to Google through the “Report abuse” link at the bottom of every Google Form.

Additional resources


Steve Matindi

“Knowing is not enough; we must apply. Wishing is not enough; we must do.” — Von Goethe