by Charles Miller

Right on the heels of last week's column warning of the potential dangers of clicking on links received via email, I received a message tacitly pointing out that what I wrote last week was not complete. I wrote that it was important to be suspicious of any and all links appearing in emails, and to be safe it is best to never ever click on any links in emails. I neglected to mention that all messaging apps are vulnerable to the same problem as is email.

Cissy wrote to me: "Hi Charles, I just got the below sent to me about my Facebook Artist page. I don't know if it's a scam or if this is true and I've done something wrong. I post stuff, my newest art on my Artist page and sometimes with Price. Please let me know what you think because they said my whole page will be lost if I do not get back with them within 24 hours." Cissy included a screen shot of the message because she was rightly suspicious.

The screen shot was just one more example of the modus operandi of online criminals. They try to evoke fear of losing something, in this case your Facebook account on which many hours have been spent creating content. They warn of irrevocable consequences, such as "once deleted your account can never be recovered." Then they try to create a false sense of urgency by saying "you must respond in less than 24 hours," and sometimes the crooks backdate the message to make it appear that only a few minutes or hours remain before the deadline. Of course the crooks are hoping to panic you into acting quickly and abandoning all caution.

The crook's goal is to make you click on the link that takes you to a scam web site where the real crime will take place. In the case of the scam Cissy thwarted, it appears the crooks clumsily tried to camouflage the link to their scam web site by the use of what is called "percent encoding." The link started off with "facebook.com/l.php?u=https%3A%2F%2Flinkup.top%2F" Because spaces and certain non-Latin alphabet characters cannot be used in web site addresses, web browsers translate these characters as percent encoding. For example, if a web site address contains spaces, the computer automatically replaces them with "%20" to make the name compatible online.

Percent encoding is completely legitimate, but sometimes is used by cybercrooks attempting to obfuscate their fraud. In the case of the message Cissy received, it appears that the link would have taken her to Facebook.com from where she would have been immediately redirected to https://linkup.top which we presume to be a malicious web site.

So please note that the advice given last week to never ever click on links in emails applies equally to all of the other forms of messaging. This includes SMS/MMS text messages, Facebook Messenger, Skype, Telegram, Whatsapp, Twitter, Signal, Discord, SnapChat, Threema, Kakao Talk, Viper, Line, Kik, WeChat, GroupMe, and I could go on because the aforementioned are just the most popular messaging apps.

Suffice it to say that if there is an app you use to send or receive messages, some cybercrooks will eventually find it and try to con you with a fake message. Please remember to never never never never never never never ever click on links received in emails or other message apps. It is not safe to do so and there is no way to make it safe.

**************

Charles Miller is a freelance computer consultant with decades of IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted at 415-101-8528 or email FAQ8 (at) SMAguru.com.

Discover Lokkal:
Watch the two-minute video below.
Then, just below that, scroll down SMA's Community Wall.
Mission

Visit SMA's Social Network

Contact / Contactar