Two relatives of mine got scammed/phished recently. Nothing serious happened fortunately. Some interesting observations:
- People see URL's as opaque blocks. They have 0 clue where they point to since they have 0 clue about how to read them.
- "Check the domain" doesn't help (even assuming the knowledge of what part of an URL string is a domain) if you have no information about what domains are "normal" (whatever that means).
- Regular people don't see giving out CC's or other sensitive information as a critical task. One of the victims told me they gave out their CC while doing two other things - I'd drop everything to focus such a task, while for them it's just another boring physical copy-paste.
Based on this most of are awareness advise is shit.
#phishing #scam