Give a person a fish and you feed him for a day. Teach a person to fish and you feed him for a lifetime. Teach a person how to identify phishing attacks and he/she will save him/herself and his/her company loads of embarrassment and fines. Perhaps that is not exactly how you remember the proverb, but it rings true. Trout season just began, but phishing season is year-round!
Phishing is the fraudulent practice of sending emails purporting to be from legitimate companies in order to induce individuals to reveal sensitive information. Unfortunately, phishing is on the rise. Hackers have found that hacking computer systems is hard; hacking people, however, is much easier. Operating system vendors (e.g. Apple and Microsoft) and application developers regularly patch their systems to guard against hacker attacks, but the same cannot be said of people. The same attacks and tricks that have been fooling people for centuries continue to work on people today. While the medium has changed, as most people don’t invite strange wooden horses they don’t know into their homes, we still let curiosity get the best of us. Remember, the best way to break into Fort Knox is not to try and drill through the walls, but instead to convince the guard to let you in.
The great security breaches that you read about in today’s headlines are many times not the result of some evil denizens in some dark basement launching a massive coding onslaught, but of something like this:
A simple, innocuous-looking email that directs you to click on a link so your account can remain active. That click will either direct you to enter some personal information or, worse yet, direct you to an infected website which will install some sort of malware on your computer.
Here are some hints to keep yourself safe:
What’s the difference between these two links? Here’s a hint: it’s not the picture.
Here’s another example:
One will take you to gluten free cookies, the other, not so much.
We all need to pay our debt to society. We know that and faithfully complete the appropriate IRS forms year after year. Adding insult to injury, phishing scams increase during tax season. As such, the IRS produces an annual list of the Dirty Dozen Tax Scams. Here is a version of the list, minus some IRS jargon.
Hovering over hyperlinks and images will display the source of the image or reveal that it is a cover for a malicious link. Look for disconnects between what you think you’re clicking on and what you’re actually clicking on. Be very careful with this, as hackers will sometimes embed their own URLs inside somewhat legitimate ones. For example, if the URL is supposed to take you to the eBay login page, and instead it looks like this: http://www.ebay.com/login/redir?=www.getmyvirus.com/hahasucker.vbs
You should probably avoid it, even if it has the eBay domain built into it.
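The hover check described above can be automated for an HTML email body. The following is an added example, not part of the original article: it compares each link's visible text with the host it really points to and flags a second destination embedded in the query string. The function names and the sample email (apart from the eBay-style URL quoted above) are constructed for illustration, and the host matching is a heuristic.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# A host name at the start of a string, e.g. "www.example.com/path".
HOST = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[/:?#]|$)", re.I)

def host_of(text):
    """Host name a string starts with (lower-cased, 'www.' dropped), or None."""
    m = HOST.match(text.strip())
    return re.sub(r"^www\.", "", m.group(1).lower()) if m else None

def embedded_hosts(url):
    """Hosts hidden in a URL's query string or fragment (heuristic)."""
    parts = urlsplit(url)
    tokens = re.split(r"[&=]", parts.query) + [parts.fragment]
    return [h for h in (host_of(unquote(t)) for t in tokens) if h]

class Anchors(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit_links(html):
    """Map each link's href to a list of warnings (empty means no finding)."""
    parser = Anchors()
    parser.feed(html)
    report = {}
    for href, text in parser.links:
        real, shown = host_of(urlsplit(href).hostname or ""), host_of(text)
        warnings = [f"text shows {shown}, link goes to {real}"] if shown and shown != real else []
        warnings += [f"embeds second destination {h}" for h in embedded_hosts(href) if h != real]
        report[href] = warnings
    return report

# Constructed sample email body; the first href is the URL quoted in the article.
SAMPLE = """<a href="http://www.ebay.com/login/redir?=www.getmyvirus.com/hahasucker.vbs">Sign in to eBay</a>
<a href="http://login.example.net/verify">www.example.com</a>
<a href="https://www.example.com/help">www.example.com/help</a>"""
```

Calling `audit_links(SAMPLE)` returns a warning for the first two links and an empty list for the third. A query value such as a file name can also look like a host, so treat a finding as a prompt to look closer, not a verdict.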
Pick up the phone and call someone. Don’t rely on contact information in a suspected phishing email. The number noted may be compromised or redirected to a number that the hacker is using. If it’s your bank or credit card, call the number on your credit or debit card. If it’s some other company, go directly to that company’s website to get the information (or heaven forbid, look it up in that weird yellow book you use for a monitor stand).