Phishing

Definition

The fraudulent practice of sending emails or other messages purporting to be from reputable sources in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Related Terms

Spear Phishing (highly targeted phishing), Whaling (phishing targeting high-profile individuals), Smishing (SMS phishing), Vishing (voice phishing), Social Engineering, Identity Theft, Fraud.

Background

Phishing in the Fediverse involves attempts by malicious actors to deceive accounts into divulging sensitive personal information, credentials, or financial details. Attackers may impersonate trusted entities, other accounts, or even the platform’s administrators. They might use direct messages, posts, or links to fake login pages or malicious websites. The decentralised and sometimes pseudonymous nature of the Fediverse can be exploited by phishers to create convincing fake profiles or distribute harmful links across various communities.

You might encounter phishing through reports from targeted accounts, observing suspicious links being shared, or if a community member’s account is compromised and starts sending phishing messages. Identifying sophisticated phishing attempts can be challenging, and quick action is needed to protect accounts.

Why We Care

Dealing with phishing is critical because it directly targets the security and safety of your community members, potentially leading to identity theft, financial loss, account compromise, and unauthorized access to private information. A successful phishing attack against one account can sometimes lead to further attacks within the community if the compromised account is used to spread more phishing links.

If phishing attempts are common or unaddressed, it can severely erode trust in the safety of the community and the platform, making accounts hesitant to click any links or trust messages, even legitimate ones.

Spotting Phishing: What to Look For

Identification of phishing involves recognizing deceptive attempts to solicit sensitive information or direct accounts to malicious sites.

Account Traits: The account sending phishing messages might be newly created, have a low post count, or impersonate a known account or service (e.g., using a slightly altered name or profile picture). Sometimes, compromised legitimate accounts are used to send phishing messages.

Content Characteristics: Look for messages or posts that create a sense of urgency, fear, or curiosity to pressure an account into acting quickly. They often contain requests for login credentials, personal data, or financial information. Phishing messages frequently include links that may be disguised to look legitimate but lead to fake login pages or sites designed to install malware. Poor grammar, spelling errors, or an unusual tone for the supposed sender can also be red flags.

Posting Patterns: Phishing links might be spammed in multiple posts or sent as direct messages to many accounts. If an established account suddenly starts posting out-of-character messages with suspicious links, it may have been compromised.

Behaviour: The sender might insist on communication through a specific channel or pressure targets to click a link or provide information immediately. They will typically avoid any interaction that might reveal their inauthenticity if challenged.

Key Questions for Assessment:

  • “Has a community member reported receiving a suspicious request or being directed to a fraudulent site?”
  • “Does the message or post demand sensitive information (passwords, financial details, personal ID)?”
  • “Does the message create an urgent or threatening tone to compel immediate action?”
  • “Does the link provided look suspicious (e.g., misspelled domain, unusual characters, HTTP instead of HTTPS for a login page) or lead to a page that doesn’t match the purported service?”
  • “Is the sender someone unexpected asking for this type of information or action?”

Before You Act: Common Pitfalls & Nuances

It is important to address phishing quickly, but also to make sure a report is not a misunderstanding of a legitimate request (though legitimate services rarely ask for passwords directly via messages).

Legitimate Password Resets/Notifications: Official platforms usually have specific, secure methods for password resets (e.g., sending a unique link to a verified email). They generally don’t ask for your old password via DM. Be wary of any unsolicited requests.

Sharing Public Links vs. Phishing: Accounts sharing links to legitimate articles, tools, or their own content is normal. Phishing links are specifically designed to deceive and extract information or install malware.

Compromised Accounts: Remember that a phishing message might come from an account that is itself a victim and has been compromised. The account holder may not be malicious.

Common Gotchas:

  • Clicking on suspicious links, even to “check” them (use a link scanner or sandbox if you must, or look up the domain separately).
  • Not warning the community broadly enough if a phishing campaign is active.
  • Failing to advise victims to change passwords and enable multi-factor authentication.

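The link checks in the key questions above (a misspelled or look-alike domain, unusual characters in the host, HTTP instead of HTTPS on a login page) and the advice in the gotchas list to inspect a domain rather than click it can all be applied to the URL string itself, without fetching anything. The following Python script is an added example written for this entry, not code from IFTAS or from any Fediverse platform: the known-domain list, the login-path keywords and the sample links are constructed placeholders, and the registrable-domain helper simply takes the last two labels of the host instead of consulting a public-suffix list.

```python
"""Static triage of a suspicious link for moderators (added example).

Applies the link-spotting heuristics from the guidance to a URL string
without fetching it: plain HTTP on a login-style page, embedded
credentials, punycode or non-ASCII host names, bare IP hosts, and
look-alike or typosquatted versions of domains the community knows.
"""
import unicodedata
from urllib.parse import urlsplit

# Constructed placeholder list of domains the community treats as legitimate.
KNOWN_DOMAINS = ["example.social", "mastodon.example"]

# Constructed list of path words typical of credential-harvesting pages.
LOGIN_HINTS = ("login", "signin", "sign-in", "auth", "password", "verify", "account")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_part(host: str) -> str:
    """Last two labels of a host name (simplification: no public-suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def assess_link(url: str, known_domains=KNOWN_DOMAINS) -> list[str]:
    """Return the red flags found in `url`; an empty list means none matched."""
    flags = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = (parts.path + "?" + parts.query).lower()

    if parts.scheme not in ("http", "https"):
        flags.append(f"unexpected scheme '{parts.scheme}'")
    if "@" in parts.netloc:
        flags.append("user info before '@' in the URL hides the real host")

    looks_like_login = any(h in path for h in LOGIN_HINTS)
    if parts.scheme == "http" and looks_like_login:
        flags.append("login-style page served over plain HTTP")

    # Unusual characters: punycode (xn--) labels or non-ASCII / mixed-script text.
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode (xn--) label in host: possible homoglyph domain")
    if any(ord(c) > 127 for c in host):
        scripts = {unicodedata.name(c, "?").split()[0] for c in host if c.isalpha()}
        flags.append(f"non-ASCII characters in host ({', '.join(sorted(scripts))})")

    # A real service's login page is almost never addressed by a bare IP.
    if host.replace(".", "").isdigit():
        flags.append("host is a bare IP address")

    # Look-alikes: a known domain buried inside a longer host, or a registrable
    # name within one edit of a known domain.
    reg = registrable_part(host)
    for known in known_domains:
        known = known.lower()
        if host == known or host.endswith("." + known):
            continue  # genuinely the known domain or one of its subdomains
        if known in host:
            flags.append(f"'{known}' appears inside '{host}' but is not the real domain")
        elif 0 < edit_distance(reg, known) <= 1:
            flags.append(f"'{reg}' is one character away from '{known}'")
    return flags


if __name__ == "__main__":
    # Constructed sample links (192.0.2.0/24 is the documentation range).
    samples = [
        "https://example.social/settings",
        "http://examp1e.social/login",
        "https://example.social.lookalike.example/login",
        "https://ex\u0430mple.social/login",  # Cyrillic 'а' in place of Latin 'a'
        "http://192.0.2.10/verify",
    ]
    for link in samples:
        found = assess_link(link)
        print(link, "->", "; ".join(found) if found else "no flags")
```

The script deliberately never opens the link: it only parses the string, so a moderator can triage a reported URL without exposing themselves. A clean result is not proof of safety (the heuristics are cheap and the known-domain list is short), so treat the output as a first pass before looking up the domain separately.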
Key Point: Phishing is fundamentally about deception with the intent to steal sensitive information. Look for tell-tale signs like urgent requests for data, suspicious links, and impersonation.

Managing Suspected Phishing: Key Steps

When you suspect or confirm phishing:

  • Do Not Click Suspicious Links! Advise others to do the same.
  • Remove Phishing Content: Immediately delete posts or messages containing phishing links or requests from public view in your community.
  • Ban/Suspend Offending Accounts: Accounts deliberately posting phishing links or messages should be banned or suspended immediately. If a legitimate account appears compromised, freeze or limit it temporarily to prevent further spread and attempt to notify the owner through other means if possible.
  • Warn the Community: If a phishing campaign is active, issue a clear warning to your community members, advising them to be vigilant, not to click suspicious links, and never to share their passwords.
  • Advise Affected Accounts: If accounts report clicking a link or submitting information, advise them to immediately change their passwords on your platform and any other sites where they use the same password, enable multi-factor authentication, and monitor their accounts for suspicious activity.
  • Discuss with Team (if applicable): Alert fellow moderators or your Service Administrator immediately. Coordinate efforts for removal, warnings, and response.
  • Report to Relevant Parties: Your Service Administrator may have procedures for reporting phishing sites to domain registrars, hosting providers, or anti-phishing services.

Example Community Guidance

Strike System: “Sharing suspicious links carelessly might result in a warning, especially if no apparent malicious intent is present. However, direct phishing attempts usually bypass strike systems.”

General Prohibition: “Attempting to deceive others into revealing personal information, login credentials, or financial details (phishing) through deceptive links, messages, or impersonation is strictly prohibited.”

Strict Enforcement: “Knowingly engaging in phishing activities, including distributing malicious links or impersonating entities to steal information, will result in immediate permanent account bans and removal of the content. Affected accounts and relevant anti-phishing services may be notified.”

Further Reading

IFTAS (about.iftas.org): Nonprofit trust and safety support for volunteer social web content moderators.

IFTAS is a non-profit organisation committed to advocating for independent, sovereign technology, empowering and supporting the people who keep decentralised social platforms safe, fair, and inclusive.