An interesting text message landed in my inbox the other day.
Here’s what it looked like:
My first reaction was to panic a bit. I do a ton of work on public wireless networks — and even though I use a VPN to protect my deets from snooping eyes, I’m always worried that I’m going to give away enough information to get myself hacked. Maybe it’s paranoia — but in today’s world, paranoia is probably a good thing.
But then my bunk detectors kicked in. Can you spot the three reasons that this text message raised alarms?
Here’s what caught my eye:
The sender of the message is trying to make me panic: Probably the most important step to detecting whether a text or email message is up to no good is to ask yourself a simple question – “Is this person trying to make me panic?” Fear is the best friend of a phisherman, after all. If I’m convinced that my account has been hacked or my money has been stolen, I’m more likely to take immediate action — read: hit that link and enter my most important details — than I am to stop and think.
So whenever I spot an attempt to generate fear, I force myself to slow down and look a little more carefully at the message that I’ve received.
The web address in the link is wonky: Seriously. Read it. Why would a major company point me to any address as weird as http://bankofamerica.caseid-2078.com? That’s a cheap trick that phishermen (and other shady folks like the leaders of the Fake News brigades) are resorting to. Their hope is that as I’m panicking over my breached account, I’m going to see the first half of the web address without questioning the second half.
The harried, urgent, worried me might see “Bank of America” and click. The thoughtful, skeptical, refuse-to-be-tricked me read the whole address and said, “Nope. Not falling for that.” And the Interwebs loving me typed the address into my Google Machine and found about a thousand references to a phishing scam.
Banks don’t usually send text messages — particularly asking users to update their personal information: In a world where phishing — and in this case, SMiShing — has become an all too common method for evil creeps to fleece the innocents, banks have taken a pretty hard-line approach to contacting customers. They pretty much NEVER send out email or text messages when there is a problem. That protects everyone.
I don’t know if that is Bank of America’s policy. I’ve never bothered to look, to be honest. But I DO know that it is the policy of most major banks. That means I never take emails and texts from banks seriously.
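The second red flag can be checked mechanically: the part of a web address that shows who owns it is the registrable domain at the right-hand end of the host name, not whatever name comes first. The Python sketch below is an added example, not part of the original post; the function names, the short suffix list and the set of official domains are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked set of two-label public suffixes. A production
# check would load the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the domain someone actually registered, e.g. 'example.com'."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url, brand, official_domains):
    """Return (registrable domain, list of red flags) for a link in a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    owner = registrable_domain(url)
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if owner not in official_domains:
        flags.append("unofficial-domain")
        # The brand name shows up in the host, but only as a label that the
        # registrant of `owner` is free to choose.
        if brand in host:
            flags.append("brand-used-as-decoy")
    return owner, flags


if __name__ == "__main__":
    official = {"bankofamerica.com"}  # assumption: the bank's real domain
    samples = [
        "http://bankofamerica.caseid-2078.com",  # link from the text message
        "https://www.bankofamerica.com/login",   # constructed comparison link
    ]
    for url in samples:
        owner, flags = check_link(url, "bankofamerica", official)
        print(f"{url}\n  owned by: {owner}\n  red flags: {flags or 'none'}")
```

Students can feed it other links they receive and compare the "owned by" line with the name they thought they saw.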
So how did you do? Did you pick up on all three of the things that raised alarm bells in my mind? If so, huzzah for you!
Now for a more important question: Could your STUDENTS spot all of that sketchiness?
If not, you’ve got some teaching to do!