ScamLens

Phishing Scams

Phishing is the most common form of cybercrime. Attackers create fake websites and emails that look identical to legitimate services (banks, social media, online stores) in order to steal login credentials, credit card numbers, and personal information.

Common Tactics

  • Emails claiming your account has been compromised and urging immediate action
  • Fake login pages that look identical to real services like PayPal, Amazon, or your bank
  • Messages with urgent subject lines: "Your account will be suspended", "Unauthorized login detected"
  • Links that look legitimate but use lookalike domains (e.g., paypa1.com, amaz0n-support.com)
  • QR code phishing ("quishing") where malicious QR codes in emails or physical locations redirect to credential-harvesting sites
  • Browser-in-the-browser attacks that display a fake pop-up login window within a legitimate-looking page to steal credentials
  • AI-generated phishing emails with perfect grammar and personalized details scraped from social media profiles

How to Identify

  • Check the sender's email address carefully — it often has subtle misspellings
  • Hover over links before clicking — the actual URL may differ from the displayed text
  • Look for generic greetings like "Dear Customer" instead of your actual name
  • Watch for urgent language designed to make you act without thinking
  • Inspect the URL in your browser's address bar for extra characters, misspellings, or unusual subdomains (e.g., login.paypal.com.attacker-site.net)
  • Check for poor formatting: mismatched fonts, blurry logos, or inconsistent branding that differ from the real company's communications
  • Be suspicious of emails asking you to download attachments you did not request, especially .html, .zip, or .exe files
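
The two URL tricks named in the lists above (digit-for-letter lookalike domains such as paypa1.com, and a real brand name buried in a subdomain such as login.paypal.com.attacker-site.net) can be checked mechanically. The following Python is an added example, not ScamLens code; the brand allowlist, the homoglyph table and the last-two-labels approximation of the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): brand keyword -> its real registrable domain.
BRANDS = {"paypal": "paypal.com", "amazon": "amazon.com"}

# Digit-for-letter swaps like those in paypa1.com and amaz0n-support.com.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.

    Simplification (assumption): real code should use the Public Suffix List,
    otherwise suffixes such as co.uk are misread.
    """
    return ".".join(host.split(".")[-2:])


def classify(url):
    """Return (verdict, brand) for a URL or bare hostname."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare hostname as the host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    sub = host[: len(host) - len(reg)]  # labels to the left of the registrable domain
    for brand, real in BRANDS.items():
        if reg == real:
            return ("legitimate", brand)
    for brand in BRANDS:
        # The domain itself imitates the brand once digits are mapped back.
        if brand in reg.translate(HOMOGLYPHS):
            return ("lookalike-domain", brand)
        # The brand is only a subdomain label; the site belongs to `reg`.
        if brand in sub.translate(HOMOGLYPHS):
            return ("brand-in-subdomain", brand)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample input, using the hostnames quoted in the lists above.
    for u in ["https://www.paypal.com/", "paypa1.com", "http://amaz0n-support.com/help",
              "https://login.paypal.com.attacker-site.net/signin", "https://example.org"]:
        print(u, "->", classify(u))
```

Unicode (IDN) homographs are outside what this check covers.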

How to Protect Yourself

  • Never click links in unsolicited emails — go directly to the website by typing the URL
  • Enable two-factor authentication (2FA) on all important accounts
  • Use a password manager to avoid entering credentials on fake sites
  • Check the website with ScamLens before entering any personal information
  • Use hardware security keys (FIDO2/WebAuthn) for critical accounts, as they are immune to phishing since they verify the actual domain
  • Keep your browser and operating system up to date — modern browsers include built-in phishing protection that blocks known malicious sites
  • Report phishing attempts to the Anti-Phishing Working Group ([email protected]) and forward suspicious emails to the impersonated company

Real-World Examples

In the UK, victims received emails mimicking HMRC (Her Majesty's Revenue and Customs) claiming a tax refund was pending — the link led to a convincing replica site that captured banking credentials and National Insurance numbers.

In Australia, a widespread SMS campaign impersonated myGov and the ATO (Australian Taxation Office), directing recipients to a fake login page that harvested myGov credentials and linked Centrelink and Medicare details.

In Japan, phishing emails disguised as notifications from Rakuten and Amazon Japan asked users to update payment methods on cloned sites — victims lost credit card details and had unauthorized charges in Japanese yen within hours.

In India, attackers sent WhatsApp messages posing as the State Bank of India (SBI), warning of KYC expiration and linking to a fake SBI portal that collected Aadhaar numbers, PAN card details, and net banking passwords.

In Nigeria, fake emails impersonating Access Bank and GTBank informed customers of a mandatory BVN (Bank Verification Number) update, redirecting them to phishing pages that captured banking PINs and one-time passwords.

In Brazil, fraudsters created fake Banco do Brasil and Nubank login pages promoted through sponsored Instagram ads, stealing CPF numbers, account credentials, and Pix payment keys from thousands of victims.
