Kinaro's blog of things

Let's go phishing

June 11, 2019

This is a cyber crime where scammers reach out to targets through emails, SMS or social media channels and trick them into disclosing sensitive personally identifiable information. This may lead to identity theft and financial loss. With this information, the scammers may try to access emails, banks and other accounts.

Types of phishing

  • Spear phishing.

The scammer sends customized message, with the target’s position, company, work phone and other personal details to convince the target that there is a connection between them.

  • Google docs phishing

This is especially common with online forms, where a scammer creates a fake form to harvest user details. For instance there is this fake Huduma number registration form ****asking for personal details as well as soliciting for money.

  • SMS scams

These usually tell you that you have won a money on a betting site. You are instructed to call or respond to a specific phone number in order to claim your money. Once you call, the scammer then takes your round in circles while asking you for your mobile money account pin to receive your money. Once you give this information out, the scammers initiate transfers or a withdrawal from your account

How to stay safe

  • Use multi factor authentication. This can be a secondary email, a phone number to receive SMS code, authenticator apps such as Google Authenticator or a hardware tool to generate one time passwords such as the YubiKey.
  • Be careful when visiting shortened links. Many cyber criminals use link shortening services to create short, deceiving links which most of the time lead to malicious websites.
  • Threats and urgent deadlines. Scammers use these tactics to add a sense of importance to the lie. They try to scare people by warning about account closure or errors in billing details. Contact the service provider over verified channels in order to ascertain veracity of such messages.