As the days grow colder and the holidays draw near, Spammers have been ramping up their Catphishing campaigns. From displaying fake pictures to writing sweet nothings, they’ll do whatever it takes to get into the minds of their lonely victims. Here are some current Catphish tactics you can expect to see.
Promises of Lewd Images
Whether they call it private photos, hidden albums, bikini pics, or sexy selfies, these are all just words to lure your mind into thoughtlessly clicking that link. It may seem so close, just an innocent click away; don’t do it. This is especially effective nowadays when everybody has a smart phone, as it is just so quick and easy to sneak a peek. Not enough people seem to realize that a smart phone can definitely be compromised. We store our photos, use social media, and even do our online banking on our smart phones.
What makes matters worse with smart phones is how much information is hidden when using common mail apps. People have only just (slowly) started learning to double check who sent an email and to inspect a link before clicking it. With a smart phone you have to take extra, tedious steps to check who sent you the message and where that link truly points.
Different Payload Methods
Nowadays we’ve gotten better at sifting out the obvious bad links, like those freshly created domains with cheap TLDs (top level domains) such as .xyz, .shop, .top, etc. Hopefully these kinds of links trigger our internal alerts immediately now, or are blocked by our email services such that they aren’t easily clicked. However, Spammers have gotten more crafty in terms of the kinds of links they have been using.
A simple kind to avoid is links with ‘shortened’ URLs. URL shortener services such as bitly mask the true address and are commonly used by spammers. Another thing to look for is unsubscribe links. Spammers try to trick you into thinking you’re removing yourself from their spam by providing a malicious unsubscribe link.
The abuse of cloud storage drive services is becoming a bigger problem. This is because these links contain the domains of well respected companies whose services are often used today as an efficient way of sharing files with many people. Spammers are now using such services for malicious payloads, and by the time the links get reported, Catphish campaigns have already been sent out. Google Drive, Google Docs, Microsoft OneDrive, and Dropbox are some of the services being abused to infect unsuspecting users.
Some spammers use Twitter links. This is an interesting approach, as it can seem like an advertisement campaign for a ‘Twitter Model’ trying to get more followers. The link will lead to a fake account’s tweet, likely with a display picture of an attractive woman. This tweet will have other fake accounts commenting on it, making it seem legitimate. The tweet is where the risky link will be. Don’t fall for this.
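One way to automate the link checks described in this section, as an added example that is not part of the original post: it pulls every link out of an HTML message body and flags the real destination against the categories above, plus the case where the visible text shows a different host than the link itself. The hostnames chosen for each service, the function names, and the sample message are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicator sets mirror the post's categories; hostnames are this example's own mapping.
CHEAP_TLDS = {"xyz", "shop", "top"}
SHORTENERS = {"bit.ly", "bitly.com"}
CLOUD = {"drive.google.com", "docs.google.com", "onedrive.live.com", "dropbox.com"}
SOCIAL = {"twitter.com", "t.co"}
# Constructed sample body with placeholder hosts (not from a real campaign).
SAMPLE = ('<a href="https://bit.ly/EXAMPLE">my private album</a>'
          '<a href="http://photos.example.xyz/u">www.dropbox.com/album</a>'
          '<a href="https://drive.google.com/file/d/EXAMPLE">hidden pics</a>'
          '<a href="http://mail.example.top/out">Unsubscribe</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare 'host/path' string, lowercased, 'www.' dropped."""
    url = value.strip() if "://" in value else "//" + value.strip()
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")

def triage_links(html_body):
    """Return [(real_host, sorted_flags)] for each link in the message."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        host, shown = host_of(href), host_of(text)
        checks = {"cheap-tld": host.rsplit(".", 1)[-1] in CHEAP_TLDS,
                  "shortener": host in SHORTENERS,
                  "cloud-share": host in CLOUD,
                  "social-link": host in SOCIAL,
                  "unsubscribe-lure": "unsubscribe" in (text + href).lower(),
                  "text-mismatch": "." in shown and " " not in shown and shown != host}
        report.append((host, sorted(name for name, hit in checks.items() if hit)))
    return report
```

A flag here means "look closer before clicking", not a verdict: plenty of legitimate mail contains cloud-share or unsubscribe links, so the flags are most useful in combination.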
Watch out this holiday everyone. As the days get colder and the merry days come closer, don’t look at emails for that cure to loneliness. Catphishers are on the prowl.