Phishing scams target Jefferson students

Image courtesy of ideas.ted.com.

Phishing scams are a real concern in today’s digital world, and Jefferson students are susceptible to them.

In the last week, Jefferson students have reported being sent suspicious Facebook links that look like YouTube thumbnails, with the text-only message “Sankapp: Is it you in the video?” Students inadvertently cause the scam to perpetuate after clicking on the link, bypassing any browser warnings that the site is potentially dangerous, and submitting their Facebook credentials. With these actions, the scammers now have access to student accounts to forward the link to their Facebook friends. Freshmen, who usually have the least Facebook experience, are often the ones to fall victim. However, this current scam has mostly been spreading around juniors.

Such scams are known as phishing. According to Phishing.org, phishing is “a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.” With this information, hackers can utilize users’ identities online to do virtually anything the user can do themselves. The Facebook phishing scams Jefferson students experience are often colloquially (and incorrectly) known as “hacking,” since a third party has gained access to a user’s account, but since it was through a voluntary input of information, it’s technically not unauthorized.

In past years, scams have surfaced in the Jefferson community, often in the same form: fake YouTube videos captioned with “Is it you?” Typically, scams like these stop gaining traction in a matter of weeks after students begin to realize they’re an annoying trick, so it typically happens only once or twice a year when a few students let their guard down. 

“Low effort scams like this are just looking to get attention and spread as far as possible, although it’s impossible to know for sure what they are doing with the stolen credentials,” junior Darin Mao, President of Computer Security Club, said.

Although scams like these seem to only be annoying, there could be far greater implications.

“It’s important to understand that full account access has been compromised and attackers could theoretically do anything they want with your credentials,” Mao said. “If someone has your login information, then it’s trivial to mess with anything your account has access to. It’s like if I messaged you asking ‘Hey, can I have your Facebook username and password?’ and you just gave it to me,” Mao said.

If a user has input their email and password into such scams, there are steps that they should take to remain safe.

“As a precaution, it is best to change your password. If possible, enable Two-Factor [Authentication] as well,” Mao said.

Let’s take a deeper dive into what makes the Sankapp scam, specifically, visibly a scam.

Sankapp’s phishing scam presents itself in the form of a fake YouTube video in users’ Facebook Messenger chats. (Image courtesy of Anna Hsu.)

Many Jefferson students, particularly upperclassmen, have seen enough phishing scams to quickly recognize that the Sankapp YouTube is probably fake. Facebook Messenger typically uses Open Graph tags to display a thumbnail image preview of YouTube videos, with a text-only link to the video.

As previously mentioned, the text-only message included the word “Sankapp,” which probably isn’t a familiar name or term to the average Jefferson student. A quick Google search of “Sankapp” results in a Facebook profile with a profile picture having a similar appearance to the thumbnail. In the comments, someone mentions that this page should be reported for malware. Coincidence? Probably not.

The typical Jefferson student probably isn’t going to go through an excessive amount of Google searching for a link their friend sends them, so they might just click on the link. The warning page they are redirected to (on Google Chrome, in this case) shows a multitude of reasons why it may be unsafe to continue to the actual site.

There are a variety of “red flags” on the website that the fake YouTube link redirects to. (Image courtesy of Anna Hsu.)

 

If even after this warning pops up and users click on “visit this unsafe site,” they’ll be redirected to a mock-up of the old Facebook login page. Facebook updated the appearance of the primary login site, but some subpages of Facebook, like Messenger, still use the old version. However, there are notable aesthetic differences between the two.

Although some are subtle, there are differences between the Sankapp scam and the official Facebook login. (Image courtesy of Anna Hsu.)

 

When trying to visit this site on an FCPSOn laptop, McAfee Endpoint Security produces a “blocked site” view. (Image courtesy of Anna Hsu.)

With security measures such as McAfee Endpoint Security, which is on FCPSOn laptops, such phishing sites may be blocked. Facebook has also since blocked visiting this site directly from Messenger, citing their Community Standards. However, it’s safest to use personal intuition combined with a recognition of sketchy sites, as displayed above, to avoid falling for these scams.

“Most modern web browsers do a good job [of warning users]. At the end of the day, it’s up to you as the user to be diligent,” Mao said.

For more on how to recognize and avoid similar phishing scams, the Federal Trade Commission (FTC) has more information at https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams