We see it too often where family, friends and clients tell us that they got hacked, but more often than not they don’t even know exactly how or who hacked them. In this article, we show you some of the popular and recent phishing hacks that have been going around and are often successful methods to hack Facebook, website and even bank accounts.
Phishing, pronounced the same as fishing, is a practice of sending fraudulent emails, text messages, facebook messages or other forms of messages where the sender pretends to be a legitimate company or a legitimate sender, when in reality they are hackers trying to get the receiver to reveal their private information, usually their login details.
Below we will show you 3 very effective phishing attack examples and we will show you how to spot them rather than to become a victim of phishing.
Email Phishing Attack
In the video below we show you a classic example of an email phishing attack attempt for an e-commerce website where the attacker pretends to be a customer who has received the wrong order and provides a malicious link in the email. When clicked the link will take you to a replicated login page which is meant to obtain your admin login details so the hacker can gain access to your website.
Facebook Phishing Attack
In the below screenshot you can see an example of a Facebook phishing attack where the hacker has hacked one of your Facebook friend’s Facebook accounts and has sent you an email pretending to be them sending you a legitimate video message using the Facebook Messenger. Once you click the video, you are taken to a fake, replica Facebook login page asking you to log-in in order to view the video. Once you login you have given your login details to the hacker and they now control your Facebook account, meaning they can change your password and send on the malicious video phishing scheme to your entire friend list. This creates a chain effect giving Facebook login details of other victims who fall for this brilliant Facebook phishing attack/scam.
In the above screenshot, you can see that a hacker who has hacked Ann Smith’s Facebook account has sent a message through Facebook Messenger to Jon, who is a Facebook friend of Ann Smith, with 2 links to a Youtube Video. Once Jon clicks any of these links he is taken to a fake Facebook login page as you can see in the screenshot below.
In the above screenshot, you can see a Facebook login screen that looks identical to the official Facebook login page however, it is a fake, replica login screen that is hosted on the hacker’s server which is pretending to be Facebook.
This can be verified by looking at the URL at the top of the page, in this case, it is yt.appsvideos.net. This is the 1st place to always check to ensure that you are not a victim of a phishing attack. If the URL is anything other than https://www.facebook.com, you will know it is a phishing attack, in which case you will not provide your login details because if you do, the hacker will have access to your Facebook account.
Please note that Facebook will never ask you to login to your account by following a link from your Facebook Messenger or any other link if you are already logged into your account. There may be an exception in rare occasions when Facebook thinks your account is compromised, however, this is very rare and if you check the URL, you will always know if you have been hacked or not.
Bank Account Phishing Attack via Text Message
Hackers are becoming more sophisticated and stealthy and are using less traditional phishing methods such as text messaging.
In the example below, you can see a text message that has been sent by a hacker, using a local number, in this case, a Toronto Canada phone number, pretending to be CIBC.
Once you click on the provided link you will be taken to a replica CIBC login page asking you to provide your username and password. If you do, the hacker may have full access to your bank account! There are 3 possible easy steps to take to avoid this.
- Your bank should never send you a text message asking you to log in. So if you get an SMS like this you can be 100% sure it is a phishing attack, so do not fall for it.
- You can see the URL of the link in the text message says 4506verify.com, this is another indicator that this is a phishing attack because even if it was your bank, the URL would be the URL of your bank, eg. cibc.com and not 4506verify.com or anything other than your bank’s URL.
- Once you click on the link that takes you to the fake login page, always ensure to check the url at the top to ensure it is a legitimate URL like https://www.cibc.com as you can see in below screenshot.
So there you have it, hopefully, now you are better equipped to understand how phishing attacks work and how to avoid being a victim of a phishing attack so that your personal information is safe and secure.
If you have been a victim of a phishing attack or know of other more genious phishing attacks which were not shared above, please do share the details in the comments below. Thank you : )