Mobile users are being aggressively targeted again with yet another unique phishing lure. This one takes advantage of those teeny tiny screens on smartphones in particular. When receiving links in texts, email, or via social media, for example, a link can look one way. However, when viewing it in a browser, a typical one only partially shows on the screen. If you aren’t paying attention and click without further verifying it, it could mean you’ve been hooked.
According to the company PhishLabs, the scammers are now adding additional hyphens and subdomains to links making them appear to be legitimate. For example, it may look like:
http://m.facebook.com--------------------validate----------/somethingelse/sign_in
At first glance, it appears the link goes to Facebook’s mobile site. In reality, it’s going to wherever “somethingelse” is located. Once there, a phony login page pops up right on the screen requesting account login details. Not realizing that link is rather long after that initial “m.website,” those not paying attention may just fall for the scam.
While there are some devices that don’t allow it, most will have a feature where you can hold a finger over a link for several seconds and either see the whole link, have it spoken back to you, or move the cursor to the end to view it. If you receive a link that is unexpected arriving in email, text, social media or otherwise, take a minute to second guess it and make sure you really want to visit it before just tapping it. While one or two hyphens or underscores may not be an indicator of a scam, several certainly will be. If you come across one of those, just delete it. Additionally, if there is a name in the link that seems a bit odd or not related to where you think the link should go, it’s probably better to ignore it.
So far, the site being used for this scam most often is Facebook. You can bet though, that other forms of social media are also being taken advantage of in these scams. In addition, the researchers saw this on Apple iCloud, Craigslist, Comcast, and OfferUp.
It’s always best to really scrutinize links that arrive this way before taking action on them. These types of tricks are becoming more common, more successful, and resulting in a big catch for the fraudsters. You don’t want to be the phisherman’s catch of the day.