What can be uncovered about this suspicious URL contained in a text?

Aspirant


20190719_201042.jpg

This was sent to me randomly. I've been suspecting my girlfriend has been spying on me for a while now and I finally am seeking answers. "Maggie" happens to be somewhat of a friend of my girlfriend. And it does seem to be her number.

Superuser

Re: What can be uncovered about this suspicious URL contained in a text?

Hello,

 

It sounds like it is a bit out of date (and pinned to YouTube); perhaps it was an attempt to gain subscribers for a certain user or channel.

Another point is a potentially "vulnerable" design of the service, or further attempts to trick the user. But if so, it should be a widely known problem OR involve more user interaction.

Or have I misunderstood your concern?

 

Thanks!

Aspirant

Re: What can be uncovered about this suspicious URL contained in a text?

My concern is that it randomly came from an unknown number, about joining a YouTube channel. I foolishly clicked on it and it took me to what appeared to be a fraudulent-looking page, posing as YouTube. Or maybe it was YouTube, but there was no "channel" to join. It just didn't add up.

Within days, that same link brought me to a 404 not found page. Also, in the link text, there is a string of letters that spell out "Tspy".

Ever since then my girlfriend has been acting strangely, and bringing up things I've messaged to other people. She has stated that she knows when I'm still awake and using my phone, and appears to know when I wake up, by sending me messages very shortly after I unlock my phone for the first time that day.

Superuser

Re: What can be uncovered about this suspicious URL contained in a text?

My concern is that it randomly came from an unknown number, about joining a YouTube channel.

It sounds like spam or a rogue / scam attempt. So if it is a completely "unknown" number, it could be a campaign against any phone numbers (or a certain database of numbers).

If it is somehow someone known, then it came from their phonebook: either by their own decision, or through third-party malicious software.

I foolishly clicked on it and it took me to what appeared to be a fraudulent-looking page, posing as YouTube. Or maybe it was YouTube, but there was no "channel" to join. It just didn't add up.

I think that it was YouTube. At least, the shortened URL is supposed to be that, and an official way to "subscribe" to a channel (add a user to your "profile").

Within days, that same link brought me to a 404 not found page. Also, in the link text, there is a string of letters that spell out "Tspy".

It is probably something to do with spam. And maybe it was moderated fairly quickly.

But maybe the final URL involved some other tricks.

Ever since then my girlfriend has been acting strangely, and bringing up things I've messaged to other people. She has stated that she knows when I'm still awake and using my phone, and appears to know when I wake up, by sending me messages very shortly after I unlock my phone for the first time that day.

In fact, it is a possible thing. But there are some ways to explain such a thing.

For example, some "spy" application is indeed installed. Maybe there was physical access to the device.

All in all, it is good to check the list of installed applications, their permissions, and other related settings. An additional option may be to run a scan with a security application, and to read some articles on the subject.

But if it is an option, then it is good to create a backup of everything critical and do a factory reset of the device, just as an attempt against basic spy tricks.

 

For example, there was such a topic:

Sounds like a popular request.

Sorry for my reply. It would be good if someone more experienced suggested something else.

 

Thanks!

Aspirant

Re: What can be uncovered about this suspicious URL contained in a text?


If it is somehow someone known - then it is from their phonebook. By their own decision; or by third-party malicious software.

At the time of receiving the text it was an unknown number. Not until months later did I realize it was someone I was familiar with. This person, to put it kindly, is very simple. They wouldn't have the wherewithal, motive, or social skills to create and upload a video on YouTube, let alone navigate and make their channel.

The person who owns this number is, to put it kindly, a very simple person. They would not have the wherewithal, motive, or technical savvy to create a video for YouTube, let alone an entire channel. Or even navigate YouTube well enough to create a viewer channel and share it.

They are actually very naive, and would be an easy target for anyone to exploit, i.e. convince her to use her phone to "send someone something," because, possibly, the party at large did not want the link to be traced back to them.

But the person who I believe to be behind this had "borrowed her phone" once more, to get ahold of me, months later, but with no attempt to conceal who they were. I guess it was arrogance, or just stupidity, that they told me who they were.

I think there was spyware injected into my phone's files, and installed some sort of keylogger or remote monitoring application. I'm actually quite sure she is monitoring me, without permission, but I'm looking for proof and was wondering if this link could provide any proof that it was a phishing attack.

 


Superuser

Re: What can be uncovered about this suspicious URL contained in a text?

Hello,

 

They would not have the wherewithal, motive, or technical savvy to create a video for YouTube, let alone an entire channel. Or even navigate YouTube well enough to create a viewer channel and share it.
They are actually very naive, and would be an easy target for anyone to exploit, i.e. convince her to use her phone to "send someone something," because, possibly, the party at large did not want the link to be traced back to them.

So maybe it was a "hacked" device belonging to this user.

Meaning something like:

- a malicious application (or other trick) triggered the sending of SMS or other types of messages to the user's contact list with a certain subject, just like a spam bot (or similar). The user is unaware of this.

- the subject of the SMS was a URL to a YouTube channel or video or something else containing something "rogue", "scam" or otherwise suspicious. For example, advertisements for something illegal or unwanted. Another possibility is an attempt to then redirect the user to a harmful website, or to try exploiting some vulnerabilities. Since it may have been an "undesirable" channel or video, YouTube deleted it (moderated). Thus, the URL is no longer valid / available.

- when you asked again "Who is it?", the real user received it and answered.

 

Of course, if the next part:

But the person who I believe to be behind this had "borrowed her phone" once more, to get ahold of me, months later, but with no attempt to conceal who they were. I guess it was arrogance, or just stupidity, that they told me who they were.

is about the previously quoted answer.

 

I think there was spyware injected into my phone's files, and installed some sort of keylogger or remote monitoring application. I'm actually quite sure she is monitoring me, without permission, but I'm looking for proof and was wondering if this link could provide any proof that it was a phishing attack.

I think that it is pretty tricky to install spyware or riskware via the "YouTube share functionality" (or whatever "youtu[.]be/addme" is for). Thus, perhaps, such a URL is not proof of a phishing attack, except if there was more activity around it.

In general, it can be a slurred attempt against you (but if so ... maybe with "easier" ways to do so, physical access for example).

For example, if the visible URL in the photo was only text, and the real URL is a completely different one. Just like this:

https://duckduckgo.com (the text is about DuckDuckGo search, but the real URL is about Google.dk and the opened page will be Google Search).

If so, maybe the opened URL indeed leads to a fake (phishing) page. Then the impact is unknown. My own feeling is that further user interaction is also required.

But it also depends on your OS and its build / version.

 

Thanks!
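
The mismatch described in the last reply (link text that names one site while the underlying URL opens another) can be checked mechanically when a message is available as HTML. This is an added example, not part of the thread: the sample markup is constructed from the reply's DuckDuckGo/Google.dk illustration, and `host_of`, `LinkAuditor` and `mismatched_links` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(value):
    """Return the hostname of a URL-like string (without 'www.'), or None."""
    value = value.strip()
    if not value or any(ch.isspace() for ch in value):
        return None  # ordinary words such as "Click here" are not a URL
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse a bare "example.com/path"
    try:
        host = urlsplit(value).hostname
    except ValueError:
        return None
    if not host or "." not in host:
        return None
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects <a> elements whose visible text names a different host than href."""
    def __init__(self):
        super().__init__()
        self._href, self._text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            shown_host, real_host = host_of(shown), host_of(self._href)
            if shown_host and real_host and shown_host != real_host:
                self.findings.append((shown, self._href))
            self._href = None

def mismatched_links(html):
    """Return (visible text, real href) pairs where the two hosts differ."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: the first link shows one host but opens another.
SAMPLE = ('<a href="https://www.google.dk/">https://duckduckgo.com</a> '
          '<a href="https://duckduckgo.com/">duckduckgo.com</a>')
```

A plain-text SMS has no hidden href, so this check applies to HTML mail, chat clients that render rich links, and web pages rather than to the raw text message itself.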