What's up everyone! Today, I bring you your next episode of Agent Insights! Today's topic is yet another one about phishing. The main difference here is that this is an ongoing, real scam that is rather common in AJ. Without further ado, let's go!
First, what is phishing? We've made a couple of posts about phishing before. You may find them here and here.
This post has quite a bit of images, so I've included a page break.
On to the main topic. This scam involves a scammer directing people to a fake AJ site. They often claim that this "AJ" is AJ in another language when it actually isn't. Going to the website indicated by them could take you to a site that looks very similar to the real AJ. The thing is, when you key your username and password, you don't actually log on to AJ. Rather, the scammer who directed you to that fake site now has access to your account.
You might br thinking, but how? I didn't tell them my password! Unfortunately, the moment you entered your password into the fake AJ, you have given them your password. The fake AJ site was probably designed by the scammer to look like the real AJ to trick unwary users into giving them their password through them "logging in". In reality, once they have "logged in", the username and password data would have been sent to the scammer.
Now, I will write a couple of red flags that could be raised from this scam. First, AJ has their own servers for different languages. There is no need to exit the AJ site (and go to another site) to switch languages. Here is how you could do it.
On the main AJ site, scroll down till you see these icons.
First, what is phishing? We've made a couple of posts about phishing before. You may find them here and here.
This post has quite a bit of images, so I've included a page break.
On to the main topic. This scam involves a scammer directing people to a fake AJ site. They often claim that this "AJ" is AJ in another language when it actually isn't. Going to the website indicated by them could take you to a site that looks very similar to the real AJ. The thing is, when you key your username and password, you don't actually log on to AJ. Rather, the scammer who directed you to that fake site now has access to your account.
You might br thinking, but how? I didn't tell them my password! Unfortunately, the moment you entered your password into the fake AJ, you have given them your password. The fake AJ site was probably designed by the scammer to look like the real AJ to trick unwary users into giving them their password through them "logging in". In reality, once they have "logged in", the username and password data would have been sent to the scammer.
Now, I will write a couple of red flags that could be raised from this scam. First, AJ has their own servers for different languages. There is no need to exit the AJ site (and go to another site) to switch languages. Here is how you could do it.
On the main AJ site, scroll down till you see these icons.
Click the one that says "Language". It will display a drop down list of languages that AJ supports.
Then, you can click the language you want. Logging into AJ after changing languages will allow you to see the different servers with different languages.
Additionally, this is the url for the English server: https://classic.animaljam.com/en. This is the url for French, for example: https://classic.animaljam.com/fr. As you can see, the difference is just merely changing the two letters after the slash. There is no need to change the url entirely.
However, there are some scammers out there who make minute changes to the url of animal jam. They change it such that the url is different from the one above, but looking so similar that it is hard to spot the difference. A common one that I know of is changing lowercase "L" (l) to an uppercase "i" (I) , and vice versa. Others include changing lowercase/uppercase "o" to zeros (0) and lowercase "M" (m) to a lowercase "RN" (rn). To help us see through these tricks, I thought of a simple method.
This method requires the usage of Microsoft Word. For this example, I will be showing you how to use Microsoft Word to easily see which urls are real and which are fake.
First, copy and paste the urls into MS Word. For this example, the top link is the real one. I've made changes to the bottom three links with using the common tricks listed above.
Next, select everything, and change its font to something less regular. For even better clarity, you can increase the font size as well. I find that Comic Sans works well for this purpose.
After changing the font, it becomes clear that the bottom three are fake.
That's all for this post. Till next post, stay safe everyone!
-Dew
No comments:
Post a Comment
Your comment must be approved by a staff member before it will show up on the blog. Please do NOT post your comment multiple times.
We will not entertain any comments that are posted with malicious intent. In that sense, we will not remove any post on a scammer until we have solid evidence showing that the scammer in question did not actually scam. If your comment is asking for a post to be taken down or implies that any posted scammer wasn't scamming, it likely won't be published.
Please only comment if you have something of value to contribute. Comments that are pointless or just plain incomprehensible will be marked as spam. If you have a question, please check our FAQ before asking.