So someone comes up to you in a restaurant—a complete stranger—and asks to look at your driver’s license. What do you do? Show it to that person? You’d have to be one loony tune to do that.
However, this same blindness to security occurs all the time when a person is tricked by a “phishing” e-mail into typing in the password and username for their bank, or it may be the login credentials for their PayPal account or health plan carrier.
Phishing e-mails are a favorite scam of cyber criminals. THEY WORK.
When a cyber thief goes phishing, he uses a variety of bait to snag his prey. Classic examples are subject lines that are designed to get the recipient to immediately open the message and quickly react to it, such as an announcement you owe money, have won a prize or that your medical coverage has been cancelled.
And to resolve these problems, you’re asked to log into your account. This is where you place your account credentials into the palm of the thief on the other end of these e-mails.
- Phishing e-mails may address you by name (the hacker already knows about you), but usually, your name is nowhere mentioned.
- The e-mails usually contain at least one link they want you to click. Hover your mouse to see what the URL is. It may appear legit, but note the “http” part. Reputable sites for giant businesses, such as Microsoft and PayPal, will have an “https” in their URL. The phishing link’s URL will usually not have the “s.”
- A big red flag is if there are typos or poorly constructed sentences, but a phishing e-mail may also have flawless text.
- Don’t be fooled by company logos, stock imagery, privacy policies, phone numbers and other formalities in the message field. It’s so easy for a hacker to put these elements in there.
- Be leery of warnings or alerts that don’t sound right. Gee, why would your account be “in danger of being suspended”?
The links will take you to a phony site that looks like the real thing and ask you for your login credentials, credit card information, etc. Another way this scam works is by downloading a virus to your computer after you click on the link. Sometimes there’s an attachment that you’re urged to open. The lure might be that it’s a survey from your bank or a report to review from your employer.
A phishing e-mail may still look like the real deal. So how do you protect yourself? Never click on links inside e-mails. Don’t open attachments unless they’ve been sent from someone you personally know. If you think it’s from your company, healthcare plan or bank, then whip out your phone and call the company to see if they sent you the e-mail.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Phishing Scams: Don’t Click that Link!
You’re sitting on your front porch. You see a stranger walking towards your property. You have no idea whom he is. But he’s nicely dressed. He asks to come inside your house and look through your bank account records, view your checkbook routing number and account number, and jot down the 16-digit numbers of your
- How to win the War on Phishing
A phishing attack is a trick e-mail sent randomly to perhaps a million recipients, and the thief counts on the numbers game aspect: Out of any given huge number of people, a significant percentage will fall for the trick. The trick is that the e-mail contains certain information or is worded in such a way as
- Phishing attacks Two-Factor Authentication
Hackers bank heavily on tricking people into doing things that they shouldn’t: social engineering. A favorite social engineering ploy is the phishing e-mail. How a hacker circumvents two-factor authentication: First collects enough information on the victim to pull off the scam, such as obtaining information from their LinkedIn profile. Or sends a preliminary phishing e-mail tricking the recipient
- Phishing Protection 101
Phishing-type e-mails are designed to trick the recipient into either downloading a virus (which then gives the hacker remote control of the computer) or revealing enough information for the thief to open credit cards in the victim’s name, get into their bank account, etc. There are many ways the crook can trick the victim. Here are
- Fake Funeral & E-mail Scams: Recognize & Avoid
How does a funeral scam work in the first place? This is something that I, as a security analyst, teach to the consumer public. First of all, the fake funeral scam starts off with an e-mail. The fraudulent e-mails come disguised as a notification for a funeral. The Better Business Bureau describes how the funeral scam