Phishing scams – you can lose everything!

According to niebezpiecznik.pl, this type of fraud is currently the most common in Poland. It is said to have overtaken even the infamous "grandchild" scam, both in the number of cases and in the sums stolen.

I am writing about this because many people in Poland are still unaware of this attack and of the damage it can do, largely because it looks so innocent and credible.

I recently received a message from a good friend who, fortunately, asked me whether she should pay:

Fig. 1 Screenshot showing one of the variants of the SMS the criminal sends in order to obtain access to the victim's bank account

This is the text she forwarded to me. If you think the only thing at stake here is PLN 1.50, read on.

The link in the text message leads to a fake website imitating a payment intermediary (most often DotPay, Przelewy24 or the well-known PayU).

Fig. 2 Example of a fake PayU page. Source: niebezpiecznik.pl

Fig. 2 shows a classic example of phishing. The page pretending to be the PayU payment intermediary looks exactly like the original, except for one detail: the address bar. The criminal even took care to serve the page over HTTPS (the https:// prefix and the padlock), which adds credibility. For those who do not know: CloudFlare.com lets you put TLS in front of any site, free of charge, so the padlock proves only that the connection is encrypted, not that you are talking to PayU. An additional trap is viewing the page on a smartphone: on "long" pages the mobile browser hides the address bar as you scroll, and then recognizing the fake page is practically impossible.

So, acting routinely, quickly and carelessly, you make the small payment. You work mechanically; after all, you have done this hundreds of times. You select your bank, then enter your login ID and password. At this point you are sending your real ID and password to the criminal:

Fig. 3 Example of a fake mBank login page reached through the fake PayU page. Source: niebezpiecznik.pl
 
Now only one thing stands between the criminal and everything you keep in your account: the confirmation SMS. Normally, when you make a payment, you receive such an SMS, so reflexively, without reading its content, you look for the code at the end of the message and type it in.
 
Voilà! The criminal now has everything he needs. The SMS you received is usually not a login or payment confirmation at all, but the code the bank sends when someone, logged in to your account with your stolen credentials, adds a new trusted recipient. Once that recipient is trusted, transfers to it (or rather one large transfer, to save time) no longer require SMS confirmation. You can guess what happens next.

How to defend against this?

Three ways come to my mind:
1. A clear head. When your money is at stake, it does not hurt to be overly careful; think soberly. When you make a transfer, focus only on that. After all, it is your money and the security of your savings; it does not take long, and the rest can wait. Pay attention to the page you are logging in to. Check that the domain is spelled correctly (fake domains can differ from the real one by a single letter, e.g. the correct login domain for Santander is https://centrum24.pl, while a fake one might be https://centum24.pl). Check that there is a valid certificate in the address bar and WHO the certificate was issued to:

Fig. 4 The correct login page for the Santander bank
 
In Fig. 4 you can see that the certificate was issued to Santander bank and that the domain name matches, so you can be sure this is the right page. Personally, I am a bit more paranoid and enter all my bank login details using the on-screen keyboard (this removes the risk from installed keyloggers, which is useful especially when, God forbid, you have to log in from a computer that is not your own).

Fig. 5 On-screen keyboard in Windows 10

In Windows 10 the on-screen keyboard can be found under START -> All apps -> Windows Ease of Access -> On-Screen Keyboard. In Windows 7 it is under START -> All Programs -> Accessories -> Ease of Access -> On-Screen Keyboard. On either version you can also press Win+R and run osk. Note that an on-screen keyboard defeats hardware keyloggers and simple keystroke hooks; it does not help against malware that records the screen or hijacks the browser session.

When you actually perform a banking operation and receive the confirmation SMS, READ IT CAREFULLY. Check that the operation described in the SMS is the one you just performed: does the account number match, does the amount match? Most people defrauded this way failed this simple reading test. They were sure they were paying PLN 1.50 for a heavier parcel, while the SMS said the operation was adding a new trusted recipient. This is really VERY IMPORTANT.

2. Set a daily limit on your account for ATM withdrawals and transfers. If you do not move large sums on a daily basis, this works very well. If you occasionally make transfers of up to PLN 1,000, set a limit of PLN 1,200 to 1,500, leaving yourself some margin for the unexpected. The exact limit is up to you. This greatly reduces the risk that your life savings leave in a single transfer; it is better to lose PLN 1,500 than everything you have. Check how your bank allows the limit to be raised: if raising it needs only another SMS code, the same rule of reading that SMS carefully applies.

3. Think. When we have a lot on our minds or act under the influence of emotion, rational thinking is hard, but when money is involved, stop and consider whether the operation you are being asked to perform makes any sense. Does a surcharge for a heavier parcel make sense? In my view, no: when the sender hands over the parcel, the courier weighs and measures it on the spot, and the price is fixed then. It is not as if the courier calls the sender an hour later and says

    "Mr. Kowalski, the parcel is half a kilo heavier. You have to pay an extra PLN 1.50."

Any such oversight is the courier company's to absorb, and it certainly should not be passed on to the recipient.
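The checks from point 1 above (is the host exactly my bank's domain, is it a one-letter typo, is the bank's name merely embedded in some other domain, is the connection HTTPS) can be written down as a small script. The code below is an added example written for this post, not a tool from the original article or from any bank; the only real host it knows is centrum24.pl from the Santander example, and the `KNOWN_GOOD_HOSTS` list, the `MAX_TYPO_DISTANCE` threshold and the sample URLs are assumptions you would adjust for your own bank. It goes a little beyond the text by also catching the "user@host" trick and punycode hosts.

```python
"""Lookalike-domain check for a bank login URL (added example, not from the post)."""
from urllib.parse import urlsplit

# Hosts you personally trust for your bank's login page. centrum24.pl is the
# Santander example from the post; extend the set with your own bank's host
# (assumption: the reader maintains this list by hand).
KNOWN_GOOD_HOSTS = {"centrum24.pl"}

# Edit distance up to which a domain is treated as a typosquat of a known host
# (assumption: 2 catches dropped/swapped letters without too many false alarms).
MAX_TYPO_DISTANCE = 2


def edit_distance(a, b):
    """Levenshtein distance: minimum number of insertions, deletions and
    substitutions turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of a host, e.g. login.centrum24.pl -> centrum24.pl.
    Assumption: good enough for .pl; a real tool would consult the Public
    Suffix List so that names like example.co.uk are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_login_url(url, known_good=KNOWN_GOOD_HOSTS):
    """Return (verdict, reason) for a URL you are about to type credentials into.

    Verdicts: 'ok' (known host or its subdomain over https), 'no-https',
    'lookalike' (something is imitating a known host) and 'unknown'.
    Anything other than 'ok' means stop and look again. Note that https is
    never treated as proof of legitimacy: a phisher gets a certificate for free.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown", "no host in URL"

    # https://centrum24.pl@evil.example/ : the bank name is the "username",
    # the browser actually connects to evil.example.
    if parts.username is not None:
        return "lookalike", f"credentials before '@'; real host is {host}"

    # Internationalised names can mix visually identical letters from other
    # scripts; they show up as non-ASCII or as xn-- labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike", "non-ASCII / punycode host"

    if any(host == g or host.endswith("." + g) for g in known_good):
        if parts.scheme != "https":
            return "no-https", f"known host {host} but connection is not https"
        return "ok", f"host {host} is a known-good host"

    # Bank name embedded in a foreign domain: centrum24.pl.evil.example,
    # centrum24.pl-login.example, and similar.
    for g in known_good:
        if g in host:
            return "lookalike", (f"contains {g} but registrable domain is "
                                 f"{registrable_domain(host)}")

    # Close typo of a known host, e.g. centum24.pl (one letter dropped).
    reg = registrable_domain(host)
    for g in known_good:
        d = edit_distance(reg, g)
        if 0 < d <= MAX_TYPO_DISTANCE:
            return "lookalike", f"{reg} is {d} edit(s) away from {g}"

    return "unknown", f"{reg} is not in the known-good list"


if __name__ == "__main__":
    # Constructed sample URLs (not real phishing sites).
    for sample in ("https://centrum24.pl/login", "http://centrum24.pl/",
                   "https://centum24.pl/", "https://centrum24.pl.secure-pay.example/",
                   "https://centrum24.pl@evil.example/", "https://shop.example/"):
        print(f"{sample:48} {check_login_url(sample)}")
```

The verdict is deliberately conservative: only an exact match or a subdomain of a host you trust, over HTTPS, is "ok". Everything the post warns about (a dropped letter, the real bank name glued onto another domain, a hidden address bar that you cannot read anyway) ends up as "lookalike" or "unknown", which is your cue to stop and read the address bar properly.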

I received a text message demanding an additional fee. What now?

First of all, do not click the link. Delete the SMS. If you want, report it to the police. If it arrived on a company phone, tell your supervisor or the IT department so they can warn others.

If you clicked the link and entered your login details, change your password as soon as possible. Also call the bank's helpline, describe the situation and, for example, ask them to temporarily block online access to the account, to be unblocked only in person at a branch. While you are at it, check the list of trusted recipients and any pending transfers for entries you did not add. Present the situation to the consultant and ask for advice.

But above all, once again: read the SMS the bank sends when you confirm a transaction or a change of settings. It is your last line of defence and the moment where it is easiest to see that something is wrong.

Finally...

Everything is fine until it happens to you or your loved ones (as it did today, hence the idea for this post; fortunately it ended with nothing worse than nerves and adrenaline). So send a link to this post to your family and colleagues. Maybe they have ordered something and are waiting for a parcel; when such an SMS arrives, it is very easy to be fooled. Better safe than sorry.

 

Artur Niemiec.
