Let’s start with a definition of phishing. It is the practice of tricking Internet users, through the use of deceptive email messages, phone calls or websites, into revealing personal or confidential information which can then be used to perpetrate identity theft, access sensitive data and/or steal financial assets from the victim.

Email messages employ “spoofing.”   A hacker sends emails that appear to originate from trustworthy sources. They may appear to be sent from legitimate companies, from friends, family members or coworkers. 

Hackers also spoof websites. They accomplish this via a technique called URL “cloaking” or “masking.” Through the use of specialized scripts, hackers can disguise the real URL of a fraudulent site so that it appears to be one associated with a trusted website.

The most common phishing scams involve bank or credit card notifications, unsolicited tech support notifications, “receipts” for high-priced items that you supposedly purchased, threats to cut off a service you use, such as email or Amazon, or even blackmail attempts threatening to “out” your viewing of pornographic sites.

Common features to be aware of in email phishing:

  • Too good to be true offers
  • Urgency, you must act now
  • Hyperlinks within an email – ways to get you to a fraudulent site to complete the theft
  • Attachments in an email – often contain viruses or ransomware to seize your machine
  • Unknown senders – maybe not the Nigerian prince but folks you don’t know with requests or offers

Spotting the suspects:

  • Misspellings and poor grammar
  • Poor graphic reproduction, i.e., fuzzy logos or other graphics
  • Address from incorrect domain – if Bank of America sends you an email, it certainly will not come from @gmail.com or another personal account.
  • Emails from people you don’t know asking you to look at embarrassing pics of a friend.
  • Pop-ups – don’t be quick on the click.

Here are a few good ways to explore without getting snagged by the “phisher”:

  • Hover your PC mouse over the email address to expose the real sender.  If you’re using a mobile device (Android, Apple), investigate an email address by tapping on the address with your finger or stylus. You will see the actual sender’s address.
  • Keep your browser up to date
  • Maintain your firewalls
  • Use anti-phishing toolbars or apps
  • MOST OF ALL – THINK BEFORE YOU CLICK!
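
The "address from incorrect domain" check and the hover tip above can also be done by a mail filter. The sketch below is an added example, not part of the original article: it compares the brand named in the display name with the domain of the real sender address. The brand-to-domain list and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allowlist (constructed for this example): brand -> domains it sends from.
BRAND_DOMAINS = {
    "bank of america": {"bankofamerica.com"},
    "amazon": {"amazon.com"},
}
# Personal mail providers a company would not use for customer notices.
PERSONAL_PROVIDERS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def _under(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header):
    """Return a list of warning codes for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparsable-sender"]
    # The real sender domain is everything after the last '@'.
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # display name does not claim this brand
        if not _under(domain, allowed):
            findings.append("brand-domain-mismatch")
            if domain in PERSONAL_PROVIDERS:
                findings.append("personal-provider")
    return findings


if __name__ == "__main__":
    samples = [  # constructed sample headers
        '"Bank of America" <alerts.boa@gmail.com>',
        "Bank of America Alerts <alerts@ealerts.bankofamerica.com>",
        # Brand name appears at the start of the domain, but the real
        # domain is the part at the end.
        "Amazon Support <support@amazon.com.account-verify.example>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no warnings")
```

A clean result only means the visible address matches the brand; it does not prove the message is genuine, so the other warning signs listed above still apply.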

Extricating yourself from the clutches of internet thieves can be costly in more than one way.  Identity theft can take years of legal work to resolve.  Be aware of the many ways internet bad guys try to steal from you.