Thursday, May 11, 2017


Securing our Coins.ph Account: How to spot phishing sites by looking at the link

Coins.ph has discussed 5 tips on how to guard ourselves from phishing on their blog, and the number one tip reads "Look closely at the URL before you click".

Screenshot of a message I received containing a link to a phishing site, with a thumbnail that resembles the homepage of Coins.ph.

If I were to write my own tips, that one would also be number one on my list, because for me it's really the most important thing to do. Since Coins.ph didn't discuss it further, I want to expand on it and give some examples so we can better understand how to tell malicious sites from the legitimate one.

I want to focus on the URL, or link as we usually call it, and compare links identified as phishing sites with legitimate Coins.ph links and other legitimate sites, and discuss their differences.

  1. https://coinsph.wixsite.com/claimnow
  2. https://app.coins.ph/bills-payment
  3. https://coinsrewards.wixsite.com/5000php
  4. https://support.coins.ph/hc/en-us
  5. http://coins.com/

My question is: from the 5 links given, can you identify the legitimate link(s) of Coins.ph?

Let's dissect the basic parts of a URL using link #2, "https://app.coins.ph/bills-payment".

Here are the basic parts of web links or URLs:

  • Protocol: https://
  • Sub-domain: app
  • Domain Name: coins.ph
  • Path: bills-payment

The most important part to remember is the domain name, because it is the unique reference that identifies a website on the internet and no two sites can have the same one. Also, THE DOMAIN NAME DOES NOT CHANGE WHEREVER YOU NAVIGATE WITHIN THE LEGITIMATE WEBSITE; only the other parts change.

Take another example: http://blog.coins.ph/post/124135233529/security-tip-how-to-guard-yourself-from-phishing

Look at the text with the red background. Is it the same as the domain name in the basic-parts example above? YES, they are exactly the same. Is this link a legitimate coins.ph link? If you answered YES then you are correct, because even though the sub-domain and the path have changed, the link is still under the domain name "coins.ph".

REMEMBER: protocol, sub-domain and path might change but if the domain name is the same, THAT IS STILL A LEGITIMATE LINK.

Here are other samples of legitimate Coins.ph links:
  • http://blog.coins.ph/post/124908532339/coinsph-account-extra-secure-with-two-step-verification
  • https://support.coins.ph/hc/en-us/categories/202511708-Getting-started
  • https://app.coins.ph/user/

By now you should be able to tell the legitimate link(s) of Coins.ph among the 5 links given above. Give me the corresponding number. Is it only #5? Or #2 and #1?

If your answer is only #2, then you are WRONG; if you chose #5, you are absolutely WRONG; only #4? Very WRONG. The correct answer is that both #2 and #4 are legitimate Coins.ph links. Why? Just look at the domain names of the 5 links. I am highlighting each of their domain names in red.
  1. https://coinsph9.wixsite.com/claimnow
  2. https://app.coins.ph/bills-payment
  3. https://coinsrewards.wixsite.com/5000php
  4. https://support.coins.ph/hc/en-us
  5. http://coins.com/

You may be asking why #5 is not a legitimate Coins.ph link. Link #5 might be a legitimate link, but it is under a DIFFERENT DOMAIN NAME (coins.com), which makes it not a legit Coins.ph link.
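
The same domain-name check can be automated. The following is an added example, not part of the original post or of Coins.ph's own code: the function name `is_under_domain` is hypothetical, and the lookalike links are constructed for illustration. It goes slightly beyond the quiz by also rejecting links where "coins.ph" appears somewhere in the link without being the domain name.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "coins.ph"  # the domain name the post tells readers to look for

def is_under_domain(url, domain=TRUSTED_DOMAIN):
    """Return True only if the link's host is the domain itself or a sub-domain of it."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops any "user@" prefix and the port, and lower-cases the host.
    host = (parts.hostname or "").rstrip(".")
    # Compare on a label boundary: "app.coins.ph" passes, "example-coins.ph" does not.
    return host == domain or host.endswith("." + domain)

# The five links from the quiz in the post.
QUIZ_LINKS = [
    "https://coinsph.wixsite.com/claimnow",
    "https://app.coins.ph/bills-payment",
    "https://coinsrewards.wixsite.com/5000php",
    "https://support.coins.ph/hc/en-us",
    "http://coins.com/",
]

# Constructed links (not from the post) where "coins.ph" is visible
# but is not the domain name the browser will actually contact.
CONSTRUCTED_LOOKALIKES = [
    "https://coins.ph.example.com/login",  # coins.ph used as a sub-domain of another site
    "https://example-coins.ph/",           # a different domain that merely ends in "coins.ph"
    "https://app.coins.ph@example.com/",   # text before "@" is a username, not the host
]

if __name__ == "__main__":
    for number, link in enumerate(QUIZ_LINKS, start=1):
        verdict = "legitimate Coins.ph link" if is_under_domain(link) else "NOT a Coins.ph link"
        print(f"#{number} {link}: {verdict}")
    for link in CONSTRUCTED_LOOKALIKES:
        print(f"{link}: passes check = {is_under_domain(link)}")
```
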

So that was it. I will be posting about social engineering soon, so we will know how that kind of attack works so well on unsuspecting users like most of us.


