Introduction: When Phishing Goes Wrong
Phishing scams have become a significant concern as they are becoming increasingly sophisticated. However, sometimes these scams are so obvious that they’re almost laughable—especially when you know exactly how to spot the signs. Recently, I had a run-in with a scammer trying to trick me into sending £450. The twist? I made up a son and strung the scammer along just to see how they would react. Spoiler: They didn't see it coming. Here's how it went down.
The Scam Starts:
It all began with a typical phishing message designed to create a sense of urgency and manipulate emotions:
Scammer: "Dad, sorry to disturb you at this time. This is my new number from now on. Can you delete the old one and save this number? I need to talk to you."
(No spelling error here, though the phrasing is a bit informal.)
I decided to play along and asked:
Me: "This Joseph or Hector?"
Scammer: "Joseph."
Me: "You know I know nothing about how to use phones. Your mum is the tech-savvy one and has gone out to church."
The scammer quickly moved on to the financial pitch:
Scammer: "I have got bill to pay should of payed yesterday for it but because I'm using this new number I don’t have no access to my online banking. I wanted to ask if you could help me with this and I’ll send the money back by Thursday latest."
(Corrections: "should of" should be "should have", "payed" should be "paid", and "don't have no" should be "don't have any".)
Playing Along:
Rather than rejecting the request immediately, I decided to keep the scammer talking and see where the conversation would lead:
Me: "How much do you need, boy?"
Scammer: "Dad, you taking the mic at me?"
Me: "Why would I?"
Me: "I’m 64 years old with a phone, you think I have time to play about?"
Scammer: "Ok"
Me: "How much do you need? Don’t tell your mother. Joseph, are you still there?"
The scammer, eager to push for the payment, responded:
Scammer: "Need to make a payment of 450. Are you haile to make the payment for me? I WIII send it by Thursday as I said."
(Corrections: "haile" should be "able", and "WIII" should be "will".)
Moment of Truth:
At this point, the scammer provided the bank details for the supposed payment:
Me: "£450?"
Scammer: "Yes"
Me: "Usual account?"
I decided to slow things down and push for more details, knowing something didn’t add up:
Me: "Joseph, are you mocking me? You’re taking too long to respond. I guess the bill must not be urgent."
The scammer, still attempting to get the money, gave their supposed bank account details:
Scammer: "Right, just send it here. I’ll make the payment myself.
Name: Zakarya El Gtibi
Sort Code: 04-29-09
Account number: 40293955"
The Moment of Truth:
I decided to call out the scammer and question the legitimacy of their details:
Me: "Who’s Zakarya? Joseph?"
Scammer: "Dad, good night. If you do the payment, let me know. Have to make a payment in there if you can’t leave it."(Correction: "in there" is awkward. It should likely be: "if you can't leave it.")
Finally, I revealed the truth:
Me: "Mate, you’re speaking to a 29-year-old cybersecurity engineer. Been mocking you."
Breaking Down the Scam
Here’s why this scam was so easy to spot:
Emotional Manipulation: The scammer tried to manipulate me by pretending to be a distressed relative in need of financial help. This is a classic tactic used in phishing scams to prey on emotions.
Vagueness: The scammer provided very little personal information about their supposed situation, hoping I would fill in the blanks myself. The name "Zakarya" was completely random and raised red flags.
Sense of Urgency: Scammers always try to create urgency in order to make their target act quickly without thinking. This was evident in the scammer’s pressure for immediate payment.
Inconsistencies: When I asked specific questions, the scammer couldn’t keep their story straight. They couldn’t explain who Zakarya was, nor did they offer convincing answers.
Bank Account Details: The scammer provided bank details that didn’t match up with the supposed person they were pretending to be, which further proved the fraudulent nature of the request.
Spotting the Scammer's Mistakes: A Lesson in Typos and Red Flags
One of the easiest ways to spot a phishing scam is by paying attention to the language and spelling errors in the messages. In the scammer's texts, there were multiple obvious mistakes that gave their true intentions away:
"should of payed" – This is a classic mistake that many scammers make. The correct phrase should be "should have paid". The use of "should of" instead of "should have" is a red flag. It's an informal and incorrect phrase that often appears in poorly written scams.
"don't have no access" – This double negative is grammatically incorrect. The scammer meant to say "don't have any access", but using "no" and "don't" together is improper English. Scammers often make these kinds of mistakes to appear less professional, which is a key indicator they're trying to trick you quickly.
"haile" – This appears to be a typo for "able". It's a common mistake that may seem innocuous, but it's a clear sign that the message is not from someone you know, especially when combined with other errors. A genuine text from a friend or relative wouldn’t contain such an obvious mistake.
"WIII" – The triple "I" here is an error that happens when scammers type too quickly or are using a poor translation tool. The correct word should be "will". These kinds of errors, though small, are often present in scams, showing a lack of attention to detail.
"in there" – In the sentence, "Have to make a payment in there if you can’t leave it", the phrase "in there" doesn’t quite make sense. It’s likely a result of a poor translation or careless typing. The scammer probably meant something like "if you can't leave it", but the awkward wording makes it clear that this message wasn't crafted by a native speaker or a genuine source.
These spelling mistakes might seem minor, but they are important clues. Scammers don’t usually take the time to proofread their messages, and they rely on their targets not noticing these telltale signs. By recognizing these common errors, you can better identify phishing attempts and avoid falling victim to them.
What to Do When You Get Suspicious Texts:
Receiving a message like this can be unsettling, especially when it seems to be from someone you know. However, there are clear steps you can take to protect yourself:
Call the Actual Person: If the text seems out of character or makes an unusual request, call the person directly using a number you already have saved for them. Don't rely on the contact details provided in the suspicious message.
Verify Through Other Channels: If you can’t reach them via phone, try contacting them through another method, like email, social media, or in person.
Look for Red Flags: Phishing messages often have subtle signs of fraud, such as:
Spelling or grammar errors
Requests for money or personal information
Urgency that doesn’t seem to match the situation
Unusual account details or unfamiliar names
Don’t Engage with the Scammer: If you’ve identified that you’re being scammed, do not respond or engage with the scammer further. Continuing to communicate may embolden them to keep trying to trick you.
Report the Scam: If you believe you've been targeted by a scam, report it to your bank and relevant authorities, such as Action Fraud or the Financial Conduct Authority in the UK. This helps prevent others from falling victim to the same scam.
Conclusion: The Power of Knowledge (and Humor)
Phishing scams often prey on emotional manipulation, but the key to avoiding them is staying calm, questioning everything, and being skeptical of unsolicited requests.
In this case, I used a little humor and creativity to expose the scam, but it also served as a great reminder that scammers can easily be outsmarted when you stay alert and think critically. So, the next time you get a suspicious message from "Joseph" or anyone else, remember: check the details, spot the red flags, and protect yourself from falling for such tactics.
Comentarios