Clicking Phishing Scams So You Don't Have To

today i'll be voluntarily falling victim to phishing attacks handing over real credit card information but then tracking what the scammers try to purchase and so i've collected three phishing attack messages for this video one from a tick-tock direct message one from a text message and one for my trusty old email spam folder what's behind these sketchy links each scammer is begging me to click on well today we're gonna find out if you're unaware a phishing attack is a type of social engineering hack used to steal personal information like login credentials or credit card information typically phishing attacks involve the impersonation of a trusted entity and the manipulation of your trust and emotions to get you to unknowingly provide that sensitive information to a nefarious actor the difference is today we are going to knowingly provide that sensitive information so we'll see what happens the first fishing attack hits a little too close to home for me a while ago i had this great idea to do a video game giveaway on my tic-tac account where i would pick a random commenter and then spin a prize wheel and then give them whatever video game it landed on the cool part was well at least what i thought was a cool part was that i was going to do this by giving away steam game codes which are just strings of text that you can use to activate a video game in your steam account without ever having to type in credit card information provide your name and you don't even have to click a link so on tic tac i would direct message the winners of this giveaway with these steam game codes and thought perfect they get a free video game and i get the peace of mind of knowing that they're not getting scammed right well of course not little did i know that even announcing this type of giveaway was a breeding ground for scammers seemingly overnight a bunch of impersonation accounts cropped up pretending to be me and honestly some of these are kind of clever like this one for example replaced an m with an r and an n so if you saw this on a small enough screen it will just look like a normal mr easter account regardless these types of accounts went haywire and started spam messaging as many of my followers as they could now thankfully i started receiving messages from my followers speaking up and saying hey someone's impersonating you and sending me these sketchy links and as soon as i heard that i immediately deleted those videos and shut down the giveaway but before that happened i did get my hands on the messages that the scammers were sending out to people and this is what it looked like again in the spur of the moment you might just take a glance at this and think it reads mr easter you've won my video game prize giveaway here's the link to your free game hope you enjoy now for the sake of not perpetuating phishing attacks i'm going to blur out all the sketchy links in this video but now what actually happens if you click this sketchy link this is something that you should definitely not try at home but here we go and we're in this is clearly trying to impersonate the steam powered website but as you can see even at first glance the alignment of everything is just kind of off claim your gift you've been sent a free video game to receive confirm your credit card information to begin download i honestly thought they were going to ask me to log in and then steal my credentials that way but it looks like they're just going for the credit card and now for the sake of this video i created a virtual credit card so i can put in a legitimate number into these fields that way also at the end of the video we can track and see what all these scammers tried to buy with this information and so let's throw caution to the wind and just put in our information here credit card info we need a name how about thermal pesti the most high-end computer builder in the world put in the rest of the billing info and submit confirmed your game should begin downloading automatically momentarily alright clearly nothing's happening so on one hand that means that we're not downloading malware which is good but on the other hand we did just give our credit card information to some random person in general this website has a bunch of immediate red flags like first of all none of these links actually work and here valve is actually spelled incorrectly so pro tip if you're going to scam people double check your spelling but some phishing websites will look indistinguishable from the legitimate sites that they're impersonating that's why it's super important to first of all always be cautious when browsing the web and second of all to use a virtual private network like nordvpn whose new threat protection feature helps steer you away from these dangerous websites that are trying to trick you into giving away your sensitive information for example if we were to rewind a couple minutes install nordvpn onto our machine and then try to click that sketchy link let's see what happens let's open up northvpn and click over to the threat protection tab which gives access to a bunch of additional security measures and if we turn that on all of those are now enabled so now if we bring back that sketchy direct message and we re-click that link as you can see now we get this pop-up as a warning message as displayed prior to that fake steam website even loading at all this is great because it prevents you from even having to worry about this kind of stuff i honestly wish all my viewers had this extra protection back when i was running that video game giveaway to avoid falling victim to this attack but for you it's not too late i do highly recommend you try out the threat protection feature from nordvpn which can be downloaded using the link in the description below not only does nordvpn now protect you against these harmful phishing sites it also encrypts your internet data to ensure that you're not being tracked by scammers marketers governments and even your internet service provider special thanks to nordvpn for sponsoring today's video but for the sake of voluntarily falling victim to more phishing attacks we're gonna have to disable this for now the next phishing attack that we'll take a look at was actually sent to me while i was planning for this video a couple days ago i received this sketchy text for some random number that said your package is on hold to redeliver your package please enter an eligible address at dot com now i know for a fact i don't have any packages coming my way and this is actually another type of common phishing attack sometimes called sms phishing or if you're being super technical submission similar to normal phishing attacks scammers behind these sms attacks try to leverage your inherent trust by impersonating a reputable entity like in this case the us postal service now i would normally ignore this text and report it as spam but in the spirit of today's video let's risk it and click the link to find out what they're actually trying to get from us i mean this does look like usps.com obviously the url isn't usps.com which happens to be the logo for usps but in general at first glance this does look like a usbs page although now that i'm looking closer none of these buttons work at all this is like a screenshot of the usps's page all right i mean that's a giant red flag right away but regardless let's take a look at what it's asking for lost package recovery your package is on hold to redeliver your package enter an eligible address below oh again package is spelled wrong here come on scammers you gotta step up your game unlike the last phishing attack this one is asking for our address not our credit card information see thermal paste way i wish i lived there all right with that let's see what happens pressing continue now okay so now it's asking for credit card information clever okay so it's saying to redeliver your package to this new address a fee of 117 be applied that's crazy they're literally holding a package that doesn't exist as ransom that's how they get you like i said they leverage your emotions so if you were expecting a package and this happened to be sent to you you might really think that this is legitimate and fall for this all right i see what's happening i just refreshed the page and this number just completely is random every time that you press f5 it just jumps to a completely another number so i'm curious if we put in our credit card information if it'll deduct this actual amount or if we're going to use it for something else entirely to find out let's type in our credit card number expiration dates and our security code thank you please allow two to four weeks for your package to be resent to your new address this is so scammy oh my gosh because the thing is i could legitimately see people falling for this and then they're just gonna be waiting around for the package that doesn't exist to arrive having thrown away potentially hundreds of dollars all right moving on to the final phishing attack that we'll dive into today let's take a look at one from my spam email folder there are hundreds of scammy messages to pick from here so let's just find one that sounds interesting oh perfect okay this one it claims to be from newegg but looks nothing like their normal emails in fact it's yellow and red which is just not their colors at all answer and win rewards up to 90 in value congratulations you have been chosen to participate in our loyalty program for free all it'll cost you is your personal information all right let's click start survey oh man okay i've used newegg to buy a bunch of computer parts which means i've unfortunately had to interact with the newegg support system and i could honestly see this webpage on newegg's website as like a survey you would fill out after interacting with their support staff please take a moment to fill out the questions below our team will review the details you've provided at least on this page it's not asking for login credentials or credit card information but interestingly it does look like it's trying to collect those security type questions that you might use for account recovery so things like favorite pet name and street of childhood home these are honestly things you shouldn't have publicly available on the internet especially if you use them for security questions but we're not gonna think too hard and we're just gonna enter in a bunch of information i'll put in one of my fake email addresses so we can see if they actually try to contact us put in a burner phone number i wonder if they use annual income to try to target the people that say they have more money than others do you guys have a pet named after a computer part all right and with that submit to receive 90 dollars please forward the email you've received to five individuals with not even a real wafer to track that so not only are they not gonna give me ninety dollars they expect me to forward on their phishing attack to other people why would i do that regardless it looks like this is the end of the line for this one as well several days later all right it has been a bit of time since i voluntarily fell victim to those phishing attacks and now i have an update on what those scammers tried to buy with my credit card let's take a look so there are five transactions here two from microsoft one from alibaba and two from steam looking at the first one it's only ten dollars but then right afterwards there was a hundred and fifty dollar charge and kind of similar on the steam side there was initially a forty dollar charge followed up by a three hundred dollar charge i wonder if the scammers try to do a small transaction to see if it goes through at all and then if it does follow up by getting the big bucks my gut is that for the microsoft and steam powered one that these people were buying gift cards or something like that so then maybe they could transfer that to their own account but this alibaba one stands out a little bit so i'm really curious what they actually tried to buy for 17 bucks don't you worry though i didn't lose any of this money i was able to stop the transactions from fully going through so at the end of the day we didn't just hand over 500 bucks to some scammer and now if you stuck around this long i have a surprise for you at the risk of opening up the same issues from my tic toc giveaway i'm going to give away some steam game codes right now to you if you happen to be one of the first viewers to watch this part of the video then congratulations here are three steam game codes that you can redeem for a free video game you don't have to click any links you don't have to give credit card information just go into your steam account click activate game and then type in these digits enjoy if you are able to get these before they're gone with that thank you for watching i'm mr easter your tech tinkerer and as always i will catch you in the next one see you later you