Channel: iTWire - Entertainment

Foxtel bill phishing scam looks indistinguishable from real bill – at first glance


An iTWire colleague received a fake bill from Foxtel noting an automatic payment did not work, and it looked so convincing, it almost succeeded – but thankfully, didn't.

Take a look at the Foxtel bill, a little further below. There are no tell-tale misspelled words, even if the grammar in some places is suspect.

At first glance, it looks like a legitimate bill, which is the way that phishing scams work. They take advantage of distracted humans being the weakest link in the chain, with the pressures of work, children, the potential embarrassment of credit cards not working, and any other strategy possible to get you to click, and voluntarily divulge your information.

As with all phishing scams, and indeed spam in general, it's just a numbers game. Send out enough fake bills, and a small but still sizeable enough proportion will accidentally fall prey, which can generate more than enough money for the scammers to continue a criminally profitable enterprise.

When you look at the bill below, a close read reveals odd-sounding language, additional spaces before colons and other minor weirdness. You can also hover your mouse pointer over the "CLICK HERE: https://www.foxtel.com.au/paymybill/" link.

Hovering over this link shows the real destination, which is https :// waaotube . com/actions/.admin.php


Now, I'm purposefully putting spaces into that URL to ensure it is not clickable, for you surely won't want to go there, even if by accident. Who knows what other drive-by vulnerability scams are in place at that site, ready to trap the unwary and those who have not updated their devices with the latest security and OS patches.

The message is, as always, to be ultra vigilant. Do not let your guard down. Scrutinise your emails, especially if they are bills, or requests for information that needs to be entered via clicking a link.

If you are uncertain, visit the website via its direct URL. Log in via the normal website, not some innocent-looking link, and check your account or other messages that way.

Pick up the phone if needed and ring the company – again, via the company's phone number on its website, not via a number that might have been emailed to you.

Be careful. Be vigilant. Trust no-one. Just because you're paranoid doesn't mean they're not out to get you, your credit card or other personally identifiable information for identity theft.

Use a VPN. Use long passwords, use different passwords, use a password manager. Consider getting a second credit card from a different bank, not linked to your regular accounts.

And just don't be complacent. Familiarity breeds contempt, and it breeds cyber criminals ready to pounce on your familiarity.

So, good luck, and may the force of vigilance be with you, always.

