Here at Life Abridged we’ve covered how to handle internet trolls, the lurking losers who stir trouble online with their verbal wrath. But what also permeates our email and social media interactions is another unwelcome party: phishers. And no, they have nothing to do with fake ham, or the band Phish.
If you’re lucky, your email client filters most of the obvious gems: “Mr. Rudy Shoeshine from Seoul will give you a cash reward for sending xxxx to xxxx” (egregious typographical errors and revolting grammar mistakes removed for your reading sanity). And if you’ve grown up in the internet age, you know not to reveal financial or confidential company information to unknown recipients. Nothing new there.
But frighteningly, the messages reaching our inboxes look more and more legitimate. Attackers use the same branding, fonts, and formats as the real companies. I recently received a “LinkedIn” notification with the company’s recognizable blue logo and identical font—plus flawless grammar—telling me “Scott Green” was still awaiting confirmation of his request. I compared it to a real LinkedIn notification. Almost a mirror image. I’ve also received direct messages (DMs) on Twitter from actual friends’ accounts, telling me to look at pictures. Luckily, I hadn’t seen the person in 10 years, but if it had been a close friend, I may have fallen for it.
Beyond the obvious precautions, here is a tutorial on the art of phishing and its progression, and what you can do about it.
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. He or she may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher, and may even offer credentials to support that identity.
Phishing, a form of social engineering, uses email or malicious websites to pose as a trustworthy organization. Phishing attacks often occur during emergency situations, taking advantage of vulnerable or uncertain times to extract personal information. Such events include:
- natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
- epidemics and health scares (e.g., H1N1)
- economic concerns (e.g., IRS scams)
- major political elections
What Can You Do?
- It’s a no-brainer to be cautious of all communications. But if you’re unsure of a message’s legitimacy, hover your mouse over the link before clicking. Does the domain in the actual link match the company name? Or does the display text say something like “Visit Facebook” while the link actually points to downanddirtyxxx.com?
- Then, delete it and change your password. You can also forward it to the Federal Trade Commission at firstname.lastname@example.org.
- Do not enter personal information in a pop-up screen. Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens.
- Multiple companies reported that 43% of their employees are susceptible to attacks. At work you may feel secure relying on your IT department’s security software, but your coworkers may be the weakest link.
- Install a phishing filter on your email application and also on your web browser.