Phishing for a Friend
- Written by Tracy Scott
In-app messaging is nothing new. Mobile device users have had their digits on instant messaging platforms since at least the mid-'90s. Before that, people sat in front of oversized computer screens to chat with other online users.
Fast forward to today, and the popularity of instant messaging apps has only increased. People use them to quickly send photos, emojis, and other text-based communications to family, friends, and even strangers. But someone else wants in on the conversation.
Crafty crooks need friends, too. Or is it something else they're after?
(In-app message communication)
Hallie: Hey, it's me!
Autumn: Was up?
Hallie: Hear about the free gov stim?
Autumn: Y – already got mine.
Hallie: There's more. Click this link to apply before it's all gone.
Autumn: For rlz???
Autumn: K – I'll sign up now. Gotta get back 2 work in a few.
Autumn clicks the link and enters her personal information, including her Social Security number. Then she's redirected to the login page of the messaging platform. She thinks little of it since the link was sent to her by a trusted friend. Autumn enters her login credentials, sends a few more messages, and then returns to work.
(Local coffee shop)
Autumn: Did you get your money yet?
Hallie: What money?
Autumn: Haha, very funny. That extra government stimulus money you messaged me about yesterday.
Hallie: I don't know what you're talking about.
Autumn pulls out her phone and opens up the in-app conversation. Hallie reads the message. It's just like Autumn described. A chill runs through Hallie as she sees her profile name and picture attached to the communication.
Hallie: I didn't send you that.
Autumn: Not funny.
Hallie: I'm not laughing.
Later that evening, things go from bad to worse — Autumn can no longer access the messaging platform.
After a few minutes of researching messaging scams online, Hallie and Autumn realize they'd been used in an instant messaging phishing scam. The fraudsters hacked Hallie's account, sent the same message to all her contacts, and then did the same to Autumn. Hallie and Autumn immediately called all their contacts to let them know what happened.
But it was too late for half of Hallie's contacts — the crooks fooled them with the fake profile and stole their private data and login credentials.
Protect Yourself from In-app Phishing Scams
Understanding how these scams work is your best defense against becoming a victim. If you receive information from a trusted friend about an opportunity that seems too good to be true, talk with them in person before acting. You can also enable two-factor authentication, so you're alerted to any attempts to change your login credentials.
If you suspect an online account is pretending to be someone you know, follow the app's instructions for blocking the user profile. Then report the phishing attempt to the app company. And be sure to tell your friend right away so they can warn their contacts that their account has been compromised.