I've been fortunate to have not been a victim of phishing. The closest was a text message phishing attempt.
I received a text message saying I had missed a parcel delivery and to re-arrange delivery and pay a re-delivery charge. I almost fell for it because I was expecting a parcel delivery on that day. Text messages use shortened URLs that hide their full URL, but when I clicked the URL in the text message the website that opened in my mobile browser was a convincing reproduction of a delivery company. Luckily, I realised this was a phishing attempt when I looked at the URL. (Some mobile browsers hide the URL until you scroll up the page.)
On subsequent occasions I received similar text messages but I knew immediately they were fake because I wasn't expecting any parcel deliveries. Given that many people expect parcel deliveries regularly, I suspect some users fall for this scam when the fake text message coincidences with an actual delivery. I also wonder how my mobile number managed to get on to some scammer's list of phone numbers and where else it’s being circulating.
So, have you ever fallen to a phishing attempt? Or came close to falling for a scam? Or did one of your relatives fall victim to a phishing attempt?
1.) Recently, there was an instance where I could have drained my cryptocurrency wallet. Usually I bookmark the defi domains and visit the sites via bookmarks. But that day, for some reason, I used a search engine to visit the site. The first or second result was a fake domain very similar to the real one. I visited the site and was just about to connect my wallet when I looked at the domain. I always look at domain related to cryptocurrency/finance/etc before login/connecting wallet. Due to it, I caught that the domain was part of a scam. I should not have used a search engine to visit the site, took my lesson and never did it again.
2.) Few months back, out of nowhere got a customer support call that your laptop warranty is about to expire so renew it and then started talking about the packages. In the first minute itself, I thought this must be a scam. So politely told him that I think this is some type of scam, later on I will visit your website or desktop application and see it for myself, and renew it I want to. He understood what I was trying to say and did 'Ok, Ok , but make sure to visit our website and renew your package'. It turned out, he was not a scammer, but an actual legitimate CS from the vendor. In one week my warranty was about to expire, and I think he even said my full name in the starting of the call and my laptop brand, this information only the actual vendor can have. In the end, I did not renew it bcuz the package was not that good.
3.) Jim Browning who takes down such online scammers/fraudsters himself got scammed and deleted his own YouTube channel via his own consent. If he can get scammed then, however tech-savvy you are, you can also get scammed the same way a 60-year-old can. https://youtube.com/watch?v=YIWV5fSaUB8 https://piped.kavin.rocks/watch?v=YIWV5fSaUB8 (proxy link).
4.) Things I do to prevent myself from getting scammed:- a.) Only visit banking/financial/etc sites via bookmarks (malware can change your bookmarks to fraudsters domain so be aware of it)
b.) Always, Always check the domains.
c.) Never open links blindly. Hover over the links, and it will tell you the full domain. Also, some links actually look legitimate like google.com but when you over it is in non-Latin character (IDN domains)
d.) Avoid giving out your phone number to websites. Try to use emails and that too aliases for non-important stuff. By it, if your one alias gets leaked you can just turn it OFF permanently easily.
e.) Have google safe browsing (proxied), DNS scam/phishing sites filter turned ON.
f.) After pasting something (after copying) see if the content or URL is the same as the one you copied. Malware can change your copied URL to their scam domain URL's.
g.) Turn On the setting in your browser 'Always show full URLs)
h.) Also, never trust anything on the internet.
To check how your mobile number got to the scammer, you can try https://haveibeenpwned.com/ and see if you can find any links. Or they must have randomly sent it to all the same message in bulk, hoping that atleast 0.0001% fall for it.