Monday, August 15, 2011

Phishing and You


Recently I went on vacation to a nice lake in Rhode Island and I spent that week on and off a small boat with a fishing rod in hand. I found fishing to be relaxing, even though I barely caught anything. The rhythmic action of cast, wait, reel was almost comforting. So what does this have to do with being safe online? Well, today we’re going to talk about a tactic called “phishing” and how you can avoid being caught - hook, line, and sinker.

Phishing is almost an art form with how creative and clever criminals have become. The entire purpose behind phishing is to lure you into providing important personal details to the criminal. There are some popular ways that criminals phish for information, but they’re all relatively easy to recognize if you know what to look for. On top of that, I can help you by providing some tips to help filter out any and all phishing attempts. Much like a fish in a lake can’t avoid seeing the hook and lure, we can’t avoid seeing these phishing attempts.

The first tactic we will cover is the e-mail scam. In this attempt, the criminal sends you an e-mail from a seemingly authentic source, asking you to do something or provide some information. Sometimes they want you to reply with information, but more often they ask you to visit a website. The source could seem like a real company, such as Facebook or even your bank, but forging the sender of an e-mail is as easy as typing in a fake name. The red flag for you here is that no company I know of will ever ask you to “re-enter your password” in an e-mail. If there is an issue with your password, they will just send you a random one and ask you to log in to change it. Further, no bank should ever ask you to provide your account information. They should already have all this information, and most banks or credit card companies will actually call you directly with such sensitive issues.

So how can you further protect yourself from this scam tactic? If you’re somewhat savvy, then you can look at the link that they’re asking you to click. In most mail programs, holding your pointer over the link will show you the real destination in the bottom of the program’s window. The link shown in the e-mail is more than likely fake, so they will not match up. The best solution is to head to the company’s website in question manually: If the e-mail claims to be from Facebook, then type in: “www.facebook.com” in your web browser and head over to the Help section. There will likely be contact information, so you can call or send a message to the company and ask if the e-mail was authentic.

You should NEVER click a link in an e-mail without first making sure that it is real! Keep your eye out for fakes that look similar, such as “ww.wfacebook.com.co”. Just because the link has the company’s name in it doesn’t mean it’s authentic. The company’s web address should look something like “www.facebook.com”. Do you see the difference? If you do happen to click on a link, you should always check your web browser’s address bar at the top and see where it took you. Once again, if you’re supposed to be at a company’s website, then their actual web address should be in that address bar. We call these addresses URLs, in case you hear that term. Most modern web browsers are smart enough to discover such phishing attempts, but you should protect yourself by staying alert anyway.

The next tactic we’ll cover is a little more broad and may actually use e-mail as well. I call these “Too Good To Be True” scams. If a man walked up to your front door today and said that you could get a free car by just doing a few simple things, you’d probably shut the door on him. The problem I’ve found is that online, people are accustomed to hearing about “great Internet deals”, so when they see a scam that says “Get a free Laptop, Click here!” they’re more apt to follow. I’m not saying that all sweepstakes and give-aways online are scams, but you should at least vet the offer before you provide any information at all. This also includes scams targeting users of popular games, such as FarmVille on Facebook. Offers that claim you can cheat or win free coins or other in-game items by performing a few simple tasks are also attacks.

To protect yourself from these attacks, you should inspect the deal or offer and look for a few key components. Most sweepstakes or give-aways are sponsored by a company; after all, someone needs to pay for the prizes, right? If you can’t find a link to a sponsor, then take a look at the address bar. Does it appear to point to a reputable company? If not, then it’s not worth trying. Most of those offers want your name, e-mail address, street address, and other information. Even if they don’t use such information in an attack, they will most certainly sell it to the highest bidder, giving you more spam and more headaches later on.

On Facebook and other social sites, the scams often come from people you trust whose accounts have actually been compromised. Once again, this is where being alert and observant pays off: you should never download a program from Facebook, nor should you ever go to a web address that doesn’t look authentic. A relative of mine recently sent me a message asking to “check out her webcam!” and provided a link. Now, not only did I know my aunt better and knew she didn’t have some raunchy webcam site, but the link provided in the message just looked strange. When in doubt, reply to your friend or relative and ask if they did indeed send you the link. You could even call them if you have their phone number. If they didn’t, then suggest to them that they have their computer scanned and cleaned.

The third avenue isn’t even online, and has been gaining popularity recently. The scam involves the criminal calling you directly and pretending to be from “cardholder services”, a bank, or another important institution. These are harder to discern, but you can still practice good safety tactics and avoid being had by these con artists. If you answer the phone and someone is on the line asking for your personal information, ask them what company they’re calling from and what exactly it is that they want. If they can’t tell you, then that’s an obvious red flag. If they do tell you, then write it down and tell them you’ll call right back. Look up the company’s real telephone number and call them directly. If there’s something wrong with your account, they will be able to tell you and you’ll be safe in knowing who you’re talking to. If there’s nothing wrong, then you can report the incident to them and help save others from being scammed.

The bottom line is that you shouldn’t trust anything or anyone on the Internet. Your best friend’s account could be compromised, so the e-mail they sent you with “vacation pictures” pointing you to a website that wants your personal information may not be authentic. The only way to really be safe is to check with people directly.
