Tame the FUD Factor!

Monday, February 5, 2018

Phishing, smishing, vishing... Using the web safely

All of these '...ishings' are just clever names for fraud. The primary difference is the communication method used but their goals are the same - to get someone to click on a link in an email, within a text message or believe the scammer on the phone and give them money and/or personal information.

No matter the media nor methodology used, the vast majority of these are sent 'in the blind' to thousands if not millions of people at the same time. Targeted attacks are rare and tend to be focused on 'high profile' individuals (politicians, entertainers, the very wealthy). Fortunately, the majority of us just get the run of the mill, generic spam - but that does not make them any less of a threat.

One of the more common and successful methods used is to make the message appear to come from a trusted and/or source known to you. For example:
  • an email from a friend or relative, claiming to be stranded in another country begging you to wire them money
  • a text message or social media post from a familiar or 'famous' name
  • a phone call from someone claiming to be with the IRS or other government authority threatening you with arrest if you don't immediately send money

The things they have in common:
  • they portend to be from someone you think you know, trust or fear (IRS)
  • a sense of urgency - you must do something IMMEDIATELY
Simply because you receive an email that has your mothers, childs, friends name and email address in the FROM line, does not mean it was actually sent by THEM. When you see these type of attacks the majority of the time the scammer has simply 'spoofed' the sender information. It is very easy to do, and fortunately, most major email providers (Gmail, MSN, etc) are pretty good at identifying and preventing the majority of these from getting through.  

The more difficult method to identify is when the scammer has gained access to your friends email account. They then send their phishing messages to everyone in their contacts list and only a close examination or a confirmation phone call will reveal that it is a fraud.

What can you do to limit your exposure to these types of fraud?

  • Don't click on ANY links, especially for any of your financial sites. Instead, open your browser and type in the web address to login, or use LastPass to do this for you.
  • If you feel you *must* click on a link, then teach yourself how to examine a link to verify it is legit. You can also use Google to examine the link for you. While not 100%, it is a quick, easy and free way to filter out many of them.
  • There are also some antivirus products that have a safe browsing feature as part of their product offering. The one I use and recommend: Webroot  You can purchase a 3 device license for 1 year for under $25 from Amazon.
If you want to learn more about the most common web/internet scams and how to identify them see this article, or simply search for: 'How to identify phishing email'.

But wait! In this article you say not to click on ANY links, but you have links throughout your blog. That is true, but if you are not sure you can trust them - you should not click on those either. When in doubt, don't click.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.