Today I'd like to talk more about one of the most common online scam techniques: phishing.
SearchSecurity defines phishing as, "a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels."
When thinking about digital security, it's easy to imagine a castle under siege. Something like Helm's Deep in Lord of the Rings. But it's called phishing for a reason. The average attack is about as complicated as a baited lure. No need to raise an army or steal all the secret vault codes; just give people something shiny and seemingly interesting and they'll do the work for you. The most valuable tool in a cyber thief's kit is our own ignorance.
Don't think that this only happens to tech-illiterate grandmas.
One of my IT professors was the victim of a phishing scam at his previous job. Some cyber criminal sent out a bazillion phony Amazon package-tracking links, and my professor was so eager to receive his package that he blindly clicked. He was the butt of countless nerd jokes.
Most commonly, phishing attacks are executed en masse with little individual targeting. Once one account has been compromised, criminals can use its contact list to send out more enticing links addressed to people by their actual names.
So how can we really stay safe?
Here are some pretty basic but effective tips to avoid getting phished:
1. Don't click sketchy links.
Maybe you've received a Facebook message saying something like, "Peter I can't believe I found these pictures of you!" followed by some sketchy link.
Or maybe you're logged into Skype and a contact drops a link with your username at the end, like this:
Please do me a favor: never click on links or messages like this. Ever. Just don't.
Just a few days after that I received an identical message from a close friend's account. I immediately informed him. If this happens to you, change your password ASAP and run a virus scan. We agreed that neither of us actually uses Skype and decided to close both of our accounts.
2. Stay skeptical.
If you're browsing the internet in a public place, there's a chance the whole network is owned by thieves. Any information you send, like login names and passwords, can be seen. Avoid checking important accounts like banks while on a public network.
Never follow email or message links to login pages either. Always navigate to your account directly and log in normally. Modern browsers typically display a green lock in the URL bar when a proper, secure connection to the site has been made. If this lock is red or gray on a site where it is normally green, stop. Turn back.
3. Don't be the problem.
Sure, maybe you've never been phished out of your own information. But old accounts you've forgotten about might be compromised, and they could be used to send phony messages on your behalf. Take basic personal computer security steps like updating passwords periodically or simply closing unused accounts.
Keep an antivirus installed and make sure it's set to scan automatically at least once a week. If any odd warnings or messages pop up, don't ignore them.
The best defense is simply to be informed, because cyber criminals prey on ignorance.
Leave a comment to discuss with me or reach out on social media!
@pjmulroe #MakeSecurityGreatAgain