How I tracked down a phishing scam and helped a friend recover

CyberLabyrinthX

Phishing is one of the most widespread and fastest-evolving threats in the world today. Phishing attacks are often viewed as just another scam until you or someone you know becomes the target. Recently, I had a firsthand encounter with phishing that not only put my friend’s account at risk but also gave me an opportunity to learn more about shady URLs.

The unexpected phishing link

It all started with a seemingly ordinary message from my friend. The message contained a link, but something about it didn’t sit right with me. At first glance, the message seemed harmless, just a casual share of a link, perhaps a funny video or a viral article🤷🏼‍♂️. However, the link itself raised a red flag.

Upon closer inspection, I noticed the URL was slightly off. The domain name seemed suspiciously close to the real one but contained subtle differences, such as an extra letter. I immediately suspected it could be a phishing link.

Even though my friend had sent it to me, I didn’t immediately click on the link. I was in a stressful situation, trying to handle various tasks, but my instinct told me to be cautious. Instead of rushing into clicking, I decided to analyze the situation further.🕵️‍♂️

Confirming my friend’s account identity

Before jumping to conclusions, I wanted to make sure that the link wasn’t actually coming from my friend’s account. After all, phishing scams can sometimes masquerade as messages from familiar sources. I quickly checked my friend’s account details and found everything matched his real identity. His profile picture, registered phone number, username and other information were consistent with what I knew about him.

Despite this, I remained cautious and decided to call him, just to confirm if he had sent me the link.

The shocking revelation

When I called my friend, he told me something alarming. He began to explain that a link had come from his mother’s account, and that after he clicked on it, his own social media account had automatically logged him out. It was clear his account had been compromised. Not only had he been signed out, but his account was also sending phishing links to all of his contacts at an unstoppable rate.

This revelation confirmed that his mother’s account had also been hacked. Phishing attacks often involve stealing the login credentials of victims and using their trusted accounts to spread malware or links to others. It became clear that the attackers were leveraging my friend’s account, as well as his mother’s, to spread the scam further.

Analyzing the phishing link

Now, with my friend’s account in jeopardy, I knew it was crucial to quickly analyze the phishing link in question. Here’s how I went about it:

  1. Examining the URL:
    The first thing I did was hover my mouse over the link (without clicking on it) to see where it led. As I suspected, the URL was not from a legitimate website. It was a distorted version of a trusted domain — an attempt to deceive the recipient into thinking it was a legitimate link. This is one of the most common tactics in phishing attacks.
  2. Identifying the Red Flags:
    The website linked to by the phishing URL asked for personal information, such as login credentials. Legitimate services would never ask for this kind of information via a link sent in a message or email.
  3. Looking for clues in the link structure:
    I analyzed the structure of the link itself. Many phishing URLs contain strings of random characters that make no sense. These characters usually indicate a compromised or counterfeit site designed to harvest personal information. The lack of a secure “HTTPS” protocol was also a red flag.
  4. Cross-referencing with known phishing sites:
    Using online tools, I cross-checked the suspicious link with well-known phishing databases. Sure enough, the link was flagged as a phishing attempt, and I could see it was part of a broader scam campaign.
  5. Reviewing the source of the link:
    While I was familiar with my friend’s account, I knew that attackers often impersonate trusted sources. I checked for signs of compromised devices or unauthorized logins. In this case, since my friend had already been logged out of his social media, I was able to confirm his account had been hijacked.
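
The URL checks from steps 1 and 3 (lookalike domain, random-looking tokens, missing HTTPS) can be scripted so a link is triaged without ever opening it. The following is an added example, not code from the original post; the `TRUSTED` list, the distance limit of 2 and the entropy threshold of 3.5 are assumptions chosen for illustration.

```python
import math
from collections import Counter
from urllib.parse import urlsplit

# Assumption: domains the reader actually uses (placeholders here).
TRUSTED = ("example.com", "example.net")

def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s))
                for n in Counter(s).values())

def triage(url):
    """Return a list of red flags for a URL; the URL is never fetched."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("no-https")
    # Simplification: compare the last two labels only; a production
    # tool would use the Public Suffix List to find the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain not in TRUSTED:
        for good in TRUSTED:
            # One or two edits away (e.g. an extra letter) = lookalike.
            if 0 < edit_distance(domain, good) <= 2:
                flags.append(f"lookalike:{good}")
    # Long path or query tokens with high entropy look machine-generated.
    tokens = parts.path.split("/") + parts.query.split("&")
    if any(len(t) >= 12 and entropy(t) > 3.5 for t in tokens):
        flags.append("random-token")
    return flags

if __name__ == "__main__":
    # Constructed sample URL, not the link from the incident.
    print(triage("http://exaample.com/login/x9Qz7LkP2mVb4TtR"))
```

These are heuristics: an empty result does not prove a link is safe, and a flagged link still needs the out-of-band confirmation described earlier.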

What I did next: helping my friend recover

Once I confirmed the phishing attack, my next priority was to help my friend secure his accounts and limit the damage:

  1. Account recovery:
    I advised my friend to go through the account recovery process with his social media platforms. Most services offer a way to reset your password and regain control of your account. He also needed to update all of his passwords, using strong and unique combinations.
  2. Informing contacts:
    Since his account had been sending phishing links to others, it was crucial to warn his contacts immediately. I helped him send a message to friends and family, explaining the situation and advising them to avoid clicking on any suspicious links coming from his account.
  3. Two-Factor Authentication (2FA):
    To add an extra layer of protection, I recommended that my friend enable two-factor authentication (2FA) on all of his accounts. This step would help protect his accounts even if someone managed to steal his password again.
  4. Device security check:
    After confirming the phishing attack, I also recommended that my friend scan his devices for malware. It’s common for phishing links to install malicious software on compromised devices, which could continue sending out spam or stealing more personal data.
  5. Report the Incident:
    Finally, I advised my friend to report the phishing attack to the relevant authorities or platforms. Social media platforms often have ways to report compromised accounts or phishing attempts, which can help prevent the attack from spreading further.

The Importance of Caution and Awareness

This experience taught me a valuable lesson in the importance of remaining vigilant when it comes to online threats. Even if an account seems legitimate or trustworthy, phishing attacks can still make their way through if you’re not cautious. By not clicking on the suspicious link and verifying the situation with my friend, I prevented further damage.

If you ever receive a suspicious link, follow these steps:

  1. Don’t click the link right away. Analyze the URL.
  2. Verify the sender’s identity through other channels, like calling or messaging them directly.
  3. Report the attack to relevant authorities or platforms.
  4. Secure your accounts with strong passwords and enable two-factor authentication.

A little caution and skepticism go a long way in preventing phishing attacks and protecting your online identity. Stay safe, and always think twice before clicking on links!
