After the Facebook leak [BBC.co.uk] my phone has been getting smishing messages non stop. If I can help prevent one person from clicking that next link, it will be worth it.
I’ve seen many posters try to get the users to check the link before clicking but never explain why and what they are checking. URLS don’t include Imfake.com, so it’s important to let them know it’s legal to purchase domains with actual company names in them. It’s also possible to make a URL more convincing by sub domaining.
These techniques are cheap and fast. They also have a high success rate. The best place to put Phishing prevention money is in education of the user. If the end user knows how to spot a fake, it doesn’t matter about the expense tool it managed to bypass.
Phishers also use SMS and Voice, so often there is no expensive tool watching the users back. Hopefully these posters can help share some quick knowledge and stop that risky click.
Below is a poster that should hopefully teach how URLs work (In basic form). Phishers use subdomains to seem more legit.
This one is to make users aware that purchasing domains is simple and cheap. A Phisher can get a lot for their money. I used GoDaddy as an example, however most I’ve seen lean to namecheap.