Clicked on a phishing link!
Today, I received the below text message saying that the payment for my EE bill did not go through, which instantly triggered a feeling of anxiety: “Why was the payment declined? Do I have enough money in my bank account?”.
Having checked the bank account balance, all was good - enough funds to pay for a number of EE bills, my anxiety levels lowered substantially.
Then I noticed there is a link in the text message:
https://auth-ee-info.web.app
And that’s when I was 100% sure this was a phishing attempt. The domain name was web.app, a Google-owned Firebase platform for hosting code. Someone created an account on Firebase, set up a fake EE site, and was sending phishing text messages.
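The tell described above, a brand name inside a hostname that sits on a shared hosting domain, can be checked mechanically. The following is an added example, not part of the original post; the allowlist entry ee.co.uk, the list of hosting suffixes and the sample SMS wording are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of domains the brand really uses (not taken from the post).
BRAND_DOMAINS = {"ee": {"ee.co.uk"}}
# Shared hosting suffixes where anyone can claim a subdomain (illustrative list).
SHARED_HOSTING = ("web.app", "firebaseapp.com", "github.io", "pages.dev", "netlify.app")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message; only the URL comes from the post.
SAMPLE_SMS = ("EE: your latest bill payment was declined. Update your details at "
              "https://auth-ee-info.web.app to avoid restrictions.")

def under(host, domain):
    """True if host is the domain itself or a subdomain (match on label boundary)."""
    return host == domain or host.endswith("." + domain)

def triage_sms(text):
    """Return (url, verdict, reason) for every link found in an SMS body."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:!?)")
        try:
            # .hostname ignores any "user@" prefix and the port
            host = (urlsplit(url).hostname or "").rstrip(".").lower()
        except ValueError:
            findings.append((url, "suspicious", "malformed URL"))
            continue
        tokens = set(re.split(r"[.\-_]", host))
        for brand, legit in BRAND_DOMAINS.items():
            if any(under(host, d) for d in legit):
                findings.append((url, "ok", f"host is under a known {brand} domain"))
                break
            if brand in tokens:
                shared = next((s for s in SHARED_HOSTING if under(host, s)), None)
                where = f"shared hosting suffix {shared}" if shared else "an unrelated domain"
                findings.append((url, "suspicious", f"brand token '{brand}' appears on {where}"))
                break
        else:
            findings.append((url, "unknown", "no brand token in hostname"))
    return findings

if __name__ == "__main__":
    for finding in triage_sms(SAMPLE_SMS):
        print(finding)
```

A verdict of "suspicious" is a prompt to verify through the operator's own app or website, not proof on its own.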
Challenge accepted!
Over a VPN connection (of course!), I clicked on the link and filled in my fake identity (not showing in the screenshot for obvious reasons).
Then came the payment details. I entered made-up numbers. There was no checking of any validity.
Reporting the phishing text to EE
In the UK, there is a system to report phishing text messages to network operators by forwarding them to the number 7726. Below you see the result of the reporting. The automated system asks for the number that sent the alleged phishing text message.
Reporting the phishing website to Google
Finally, I reported this to Google, who owns the web.app domain and runs the Firebase Platform as a Service on it. Going to web.app redirects to https://firebase.google.com/products/hosting/ and at the bottom of the page you see ‘Contact Support’, then ‘Pick a category’, where there is a link to ‘Report spam, malware, or phishing’.
Conclusion
Criminals use psychological techniques to trigger anxiety, impose artificial time constraints, then exploit targets’ lack of understanding of how the Internet works.
The best protection is to slow down, take a break, and think about whether the email or text message you received could be fake. If in doubt, talk to a friend.
by Vladimir Jirasek
LinkedIn | Cyber security | fractional CISO | Advisor | Founder