Full Video of The Spear Phishing Attack
Dating scams are VERY common! After all, you are ready to meet a new stranger. This is like a haven for scammers. You and the scammer are both emotionally ready... In this case, the Fake Kristi is randomly texting with the hope someone will respond. Many people are on tinder, so Kristi knows someone will eventually take the bait. Unfortunately for Scott, he took the bait. Kristi isn't waiting, she immediately starts flirting with Scott.
Kristi took this one to the NEXT level. The pic she sent in the text message is computer-generated, SHE doesn’t exist… so if you try to reverse image search, you won’t find her which makes this scam even more effective.
Next, she moves to start collecting some personal info about Scott. Even though she asked Scott where he is from, in fact, she already knows... Scammers often use breached databases, so when we said at the beginning that it was a random phone number, it wasn't actually that random. In many cases the scammers will also have your social profile, address, and many other details you provided when you registered to different sites online.
Fake Kristi is also from Rochester... Kristi just waited for Scott to ask her something. The Scam will be way more effective if Kristi will respond with a phishing link to something Scott asked instead of asking him to click on a random link. If Scott wouldn't have asked “Where about?”, Kristi would have continued the chitchat, she had enough info about Scott to earn his TRUST.
The last part of the scam worked. Scott clicked on the Fake Google Drive link. Look at the "I" in the URL, it’s a Latin “I” and not a standard "I". Also, the google drive link is drive.google and not google.drive. But Scott didn't have a chance, by now he is deep into the scam, he trusts Kristi and he is the one that asked for the "link”.
Once Scott logged into the fake google login page, Kristi stole his credentials. Scott got a notification that his password has changed and it's game over for him. Kristi Won this one!
How to Avoid THIS Spear Phishing Attack
1) Don't Automatically trust anyone, even if you think you know them, or they feel trust worthy. Digital identities aren't the same as meeting someone in person.