The danger of being connected. Analysis of a Phishing attack.

Hello everybody!!

First of all, sorry for not having posted anything. I am juggling many things at once, and between work, studies, various projects and trips I have no time, even for myself, although I have two posts that are almost finished.

But today I bring you something light. Some time ago I received a rather striking email. I had never received anything like it and, truthfully, it amazed me how careful the scammers are. That is why I would like to talk about this topic: being connected has many dangers, including phishing.

Most of you will know what phishing is, but in case someone doesn’t: phishing is a method by which attackers try to fraudulently extract all kinds of confidential information from the victim (any of us), mainly bank account data. Phishing is nothing more than a type of social engineering in which the attacker impersonates an identity (a real person or entity) to make the victim believe the message is trustworthy and take the bait. Phishers (those who do phishing) primarily use email or some type of instant messaging.

Many people think that phishing is the danger, but they are wrong: the danger is always present and can manifest itself in many ways, phishing being only one of them. There are other ways, such as smishing, which uses SMS on mobile instead of email, or vishing, which uses phone calls. All of them are variants that belong to the social engineering family.

For that reason I want to make special mention of all types of social engineering, something very few people give importance to. Given the times, and given that it will get worse, it is very necessary to inform people of all the dangers that being connected entails. I would like to comment on all of them here, but it would be too long. Whenever I can I give the same advice: always always always be doubtful before giving out information so lightly, be it passwords, credit cards or any other kind of information. Because remember, the principle that underpins social engineering is that in any system, users are the weak link.

Continuing with the phishing issue, this is the email I received:

Email.

As you can see, it is from Amazon, or rather, it seems to be from Amazon.

Anyone who is not very familiar with this subject will think: oh my God, they will close my account, how? Why? It cannot be! And they will click on the button.

This could happen, but remember the first thing I said: always always always be doubtful before giving out information. With this in mind you should start to doubt: “Are there really problems with my account? Amazon has never asked me anything. Is it really Amazon?”

It’s normal to have doubts, and this is where I would like to comment on some “tricks” to tell whether it’s really fake or not.

If in this case we click on the “Update now” link, the following page will open in the browser.

Loading page.

When you open it, it is apparently Amazon: the typical login, the same appearance, the same images, everything the same, but … if we look at the URL we can verify that it is not Amazon.com. No matter how green the padlock is, it is NOT Amazon; the padlock only says that the connection is encrypted, not who is at the other end.

But this alone isn’t enough. In this case I have been lucky and the browser shows me the domain part of the URL, I mean, the real site. Other browsers may not behave like this and instead show the beginning of the URL that the cybercriminals have prepared, which has just enough characters to fill the visible part of the address bar and push the real domain out of view. When I say enough characters, I mean the number of characters that fits in the width of the screen, in this case that of the mobile.

Viewing the URL.

Scammers are interested in showing the subdomain so that, with some luck, the real domain is not seen. Many times, if the victim sees the word “Amazon”, they don’t give it more thought and fall into the trap.
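The subdomain trick described above can be checked mechanically. The following is an added example, not part of the original post: the URLs are constructed on the reserved example.net/example.org domains, the function names are illustrative, and the 30-character bar width is an assumption.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "amazon.com"  # the domain the email claims to come from
BRAND = "amazon"


def host_of(url):
    """Lowercase hostname of a URL, without scheme, port or path."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def belongs_to(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def visible_part(url, width):
    """What an address bar showing only the first `width` characters displays."""
    return url.split("://", 1)[-1][:width]


def assess(url, width=30):
    host = host_of(url)
    trusted = belongs_to(host, TRUSTED_DOMAIN)
    return {
        "host": host,
        "trusted": trusted,
        # The brand appears in the hostname, but the site is not the brand's.
        "lookalike": BRAND in host and not trusted,
        "visible": visible_part(url, width),
    }


# Constructed sample URLs (not the ones from the email in this post).
SAMPLES = [
    "https://www.amazon.com/ap/signin",
    "https://amazon.com.account-verify.signin.example.net/ap/signin",
    "https://amazon-secure.example.org/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess(sample))
```

For the second sample the visible part starts with amazon.com while the host actually ends in example.net, which is exactly what a narrow mobile address bar hides.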

But there is more, if we return to the email, we can see more information about who sent it to us.

Viewing the email details.

If we click on customer-service@amazon.com, which appears to be the address of whoever sent us the email, we will see the real details of the sender, and just below it the real address the email was sent from.
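The same comparison between the name shown and the real sending address can be automated. This is an added example, not part of the original post: the messages are constructed, the spoofed one uses the reserved example.org domain, and the finding labels are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Finds something that looks like an email address inside the display name.
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def domain_of(address):
    """Lowercase domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def under(domain, parent):
    return domain == parent or domain.endswith("." + parent)


def check_sender(raw_message, brand="amazon", brand_domain="amazon.com"):
    msg = message_from_string(raw_message)
    # parseaddr splits 'Display Name <real@address>' into its two parts.
    display, address = parseaddr(msg.get("From", ""))
    real_domain = domain_of(address)
    findings = []
    shown = ADDR_RE.search(display)
    if shown and shown.group(0).lower() != address.lower():
        findings.append("display-address-mismatch")
    if brand in display.lower() and not under(real_domain, brand_domain):
        findings.append("brand-name-foreign-domain")
    return {"display": display, "address": address,
            "domain": real_domain, "findings": findings}


# Constructed messages (not the email shown in this post).
SPOOFED = (
    'From: "customer-service@amazon.com" <notice@mailer.example.org>\n'
    "Subject: Your account will be closed\n\nUpdate now\n"
)
GENUINE_STYLE = (
    'From: "Amazon.com" <customer-service@amazon.com>\n'
    "Subject: Your order\n\nThanks\n"
)

if __name__ == "__main__":
    print(check_sender(SPOOFED))
    print(check_sender(GENUINE_STYLE))
```

An empty findings list does not prove the message is genuine, because the From header itself can be forged; it only means this particular display-name trick was not used.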

These are the main “tricks” I was referring to: be very careful with the URL but, above all, pay special attention to the email sender. Once we are past this barrier we will hardly be able to notice the fraud later, so we must keep our eyes wide open!

Let’s keep going. At this point, knowing that it is phishing, I entered a completely invented username and password and, as I expected, the page moved on and showed me the following. Of course, they don’t have the database, so they have nothing to check the credentials against!

Asking for data.

The page looks very real and closely imitates Amazon’s styling. Here they ask for every type of information, even the brand of your underwear! So, after entering random text, we go to the next page.

Asking for card details.

As expected, they ask for the credit card number. At this point, though, something caught my attention: they have a credit card checker! They check the credit card number before you can go to the next page. I had to look for an online generator of virtual credit cards to get past the checker. They took it very seriously!

Asking for a photo of the card.

Now they ask us for a photo of the front and back of the credit card.

After submitting them, it takes us to:

Success.

We have verified our account and, apparently, everything is OK. Now it redirects us to the official Amazon website, so you can enter your username and password and see that Amazon has not deleted anything.

The amazon.com portal.

And here the phishing ends. In a few days the victim will see charges on their credit card, password changes and Amazon orders shipped to other places, and someone unlucky could, months or years later, face a complaint over some scam or illegal activity because cybercriminals used their data on illegal pages.

I hope I explained it clearly and that you liked it. Remember: always always always be doubtful before giving out information so lightly, be it passwords, credit cards or any other kind of information.

See you in the next post! 😉



Happy Hacking!



Author: Rafael Moreno López.
