Monday, November 5, 2018

Help in Avoiding Phishing Scams

[Image: Screen Shot 2018-11-02 at 8.19.38 AM.png]
We live in a time where security needs to be at the forefront of everything we do before we click or tap a screen.  You could easily be giving away access to your phone, your tablet, your computer, or God forbid your corporate network.  It’s a very easy mistake to make and happens all the time.  All of the recent data break-ins that I’ve researched recently have started with a phishing attack like the one shown above.
The concept behind phishing is pretty simple.  Send someone an email and convince them to click on a link that downloads malicious code to the device.  Usually the email comes from what appears to be a “trusted source” such as a friend, co-worker, or as in the case above a credit card company.  These emails also frequently utilize some psychology that is referred to as “impending doom” to get you to act.  This impending doom in the example above is “avoid temporary block of your card”.  Many folks see this and panic thinking they are about to have their card shut off.  In that temporary moment of fear, they panic and, not thinking rationally, click the link… and that is all that it takes.  The link unleashes nefarious software that then takes control.  Of course the user is never aware of this.  The device/computer continues to function perfectly in a normal fashion.  However, in the background, the device begins to leak information like the proverbial sieve.
If this is a personal device, everything you do, everything you type, every website you visit, EVERYTHING is sent to a bad guy somewhere who can then begin draining bank accounts, sending spam from your device, and accessing and attempting to phish your contacts.  They can also control your camera and your microphone to use your device as a way to spy on you personally.
The only thing worse may be having this happen at work, and the only reason that’s worse is that it may get you reprimanded at best and terminated at worst.  That’s because all of the above and more can be stolen from your employer’s network.  Hackers will soon gain administrative logins and then begin to steal or delete data.  They may also trigger a ransomware attack that encrypts essential hard drives and then demands a payment to send you the unlock code… if they ever send it.
Ransomware is becoming a much bigger threat every day.  I personally know of several people who have fallen victim to it.
So how do you avoid these types of scams?
The number one thing to do is to be vigilant!!!  Cyber criminals count on either frightening us into action or lulling us into a false sense of security, either of which can then get us to act against our own self-interests.  The above screen shot is a great example.  It appears to come from a trusted source that you depend on and also uses the fear of having your account inactivated.
Some good advice for these situations is, first of all, stay calm.  No matter how great the impending doom, the delay of a few minutes won’t really make it any worse.  So stop, take a couple of deep breaths, and then re-read the notice.
By looking at the notice calmly and with a clear head, you may notice things out of the ordinary such as misspellings, mistakes in grammar, or incorrect use of a word which is a homonym for another.  There and their are classic examples.
Also check the *actual* email address by hovering over it.  In the example listed above, the sender was “American Express” but the actual address was some gibberish account.  The one you see when you hover is the real address that your email will be sent to.
Also check with the company itself.  AmEx has a huge section on their website related to security.  I have even forwarded copies of emails to the fraud protection department of companies to find out if they are legit or not.  Amazingly, every one of them I have sent has been a fake.  If it is from a friend, text or call them and make darn sure they sent you the questionable email.  A few minutes of checking can save you inordinate amounts of time and grief trying to “undo” a security breach.
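For anyone who filters mail for a family or an office, the same hover check can be done by a script that compares the display name with the real address behind it. This is an added example, not part of the original post; the brand-to-domain list is an assumption and both sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand really sends from.
# Illustrative only; maintain your own list for the brands you deal with.
BRAND_DOMAINS = {
    "american express": {"americanexpress.com", "aexp.com"},
}

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return a list of warnings about the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    # Display name claims a brand, but the address is not on that brand's domains.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_matches(domain, allowed):
            warnings.append(f"display name claims '{brand}' but address is {addr}")
    # Replies would go somewhere other than the apparent sender's domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_addr and reply_domain != domain:
        warnings.append(f"replies go to {reply_addr}, not the From domain {domain}")
    return warnings

# Constructed sample messages (not taken from the screenshot in the post).
SPOOFED = (
    'From: "American Express" <xk39fjq2@mail-notice.example>\n'
    "Reply-To: support@collector.example\n"
    "Subject: Avoid temporary block of your card\n\nClick here.\n"
)
GENUINE_LOOKING = (
    'From: "American Express" <alerts@welcome.aexp.com>\n'
    "Subject: Your statement is ready\n\nHello.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine-looking", GENUINE_LOOKING)):
        print(label, check_sender(raw) or "no header warnings")
```

A clean result does not prove a message is genuine, since the From address itself can be forged; the script only catches the name-versus-address mismatch described above.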
Also do some research on phishing scams.  There are many good websites out there with great advice and info.
Remember, preparing for an emergency is the best way to prevent one!
