Despite the ever-increasing frequency of "phishing" scams, and the amount of time, energy and money lost to this crime, too many people and businesses remain blissfully unaware of how to recognize and react to these threats.
Here are a few terms that explain the nature of phishing.
E-mail Spoofing: An e-mail that appears to be from a legitimate or known person or business but has been forged and is actually from a different sender.
Before opening an e-mail, hover your cursor over the sender's name without clicking it; the actual sender address will be revealed.
Social Engineering: Criminals, representing themselves as authority figures, business leaders or IT personnel, manipulate or coerce individuals into divulging personal information or carrying out specific acts that compromise security or finances.
Develop e-mail and phone call protocols for yourself and your family, as well as your business partners, associates and employees, and follow the "slow down and think before you act" philosophy.
Here are a few types of phishing scams and ways to avoid being "caught":
Deceptive Phishing: As mentioned in the description of e-mail spoofing, criminals send e-mails that appear to come from recognized and trusted sources, asking you to verify account details and information, or to make a payment. With this information, scammers can access your bank account or use your credentials to obtain credit cards.
Knowing that banks and other legitimate businesses do not ask for this type of information helps, but also watch out for generic greetings, poor grammar and spelling mistakes.
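The following script is an added example, not part of the original article, showing how the spoofing and deceptive-phishing indicators described above can be checked mechanically on a raw e-mail: a sender address whose domain does not match the brand the display name implies, a Reply-To that routes answers elsewhere, a link whose visible text names one site while its target points to another, and urgency wording in the subject. The sample message, the domain names and the set of trusted domains are all constructed for the example.

```python
"""Flag common spoofing indicators in a raw e-mail message (defender-side triage)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the display name claims a bank, the real address is elsewhere,
# Reply-To points somewhere else again, and a link's visible text does not match its target.
SAMPLE_RAW = b"""From: "Example Bank Security" <alerts@examp1e-bank-mail.test>
Reply-To: verify@collect-logins.test
To: customer@example.test
Subject: Verify your account now
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, your account will be locked in 24 hours.</p>
<a href="http://203.0.113.5/login">https://www.example-bank.test/login</a>
</body></html>
"""

URGENCY_WORDS = {"urgent", "immediately", "now", "locked", "suspended"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from HTML anchors."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr):
    """Domain part of an e-mail address, lower-cased; empty if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def spoofing_indicators(raw, trusted_domains):
    """Return a list of indicator strings found in the message (empty = nothing flagged).

    trusted_domains: domains the message claims to come from (an assumption supplied by the caller).
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Sender address domain is not one the claimed brand actually uses.
    _, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    if from_dom and from_dom not in trusted_domains:
        findings.append(f"from-domain-mismatch:{from_dom}")

    # 2. Reply-To routes answers to a different domain than the From address.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(f"reply-to-mismatch:{_domain(reply_addr)}")

    # 3. Links whose visible text is a URL pointing at a different host than the href.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            if text.startswith(("http://", "https://")):
                if urlparse(text).hostname != urlparse(href).hostname:
                    findings.append(f"link-text-mismatch:{urlparse(href).hostname}")

    # 4. Urgency wording in the subject, the softer signal the article describes.
    subject_words = set(msg.get("Subject", "").lower().split())
    if subject_words & URGENCY_WORDS:
        findings.append("urgency-language")

    return findings


if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE_RAW, {"example-bank.test"}):
        print(finding)
```

None of these checks proves a message is fraudulent on its own; a legitimate marketing mail may use a third-party sending domain, for instance. They are the same cues the article tells readers to look for, made explicit so they can be applied consistently or wired into a mail filter.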
Spear Phishing: Similar to "deceptive phishing", except that criminals have gathered personal information about you from social media and other easily available sources and use it to earn your trust by making a personal connection.
Again, this type of message will likely contain spelling mistakes and grammatical errors, and will convey a sense of urgency or an ultimatum if you do not act immediately.
C.E.O. Fraud: Using the same techniques as those in "spear phishing", scammers impersonate a business leader, such as the C.E.O. or company president, and request that an employee make a payment or transfer funds on their behalf.
As with any company security, protocols must be established, and education and training implemented, to help employees recognize these types of attacks.
Pharming: Hackers poison the Domain Name System (DNS) records that map a website's name to its address, redirecting users to a false site under the scammer's control in order to intercept payments.
When using a website for payments and other financial transactions that require security, always check the URL and look for the secure certificate. Use only HTTPS-protected sites.
Dropbox or Google Phishing: E-mails invite recipients to receive a shared file or download a document that appears to be hosted on an official website, but the link actually redirects to a site controlled by the fraudsters.
Use two-step verification for entering secure sites and accounts.
- As already mentioned, being aware of the ways and means that scammers use to phish will go a long way in protecting yourself.
- Always be wary when clicking on links and opening unsolicited e-mail invites.
- Check websites for the HTTPS designation and consider using anti-phishing tools that analyze websites and check them against known phishing sites.
- Keep your browser up to date and check your accounts regularly.
- Use anti-virus software and firewalls.
- Be wary of online pop-ups.
- Best practice is not to give out personal information. Better to research the institution you want to do business with, contact them yourself and set up a secure account.
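As an added example, not part of the original article, the function below applies the URL checks recommended in the pharming section and in the HTTPS tip above: it requires the https scheme, compares the host against the domain you bookmarked for the institution, and flags the common tricks used to make a wrong host look right (an IP address instead of a name, a username before the "@" that resembles the real site, and lookalike spellings with digits in place of letters). The expected domain and all sample URLs are constructed for the example.

```python
"""Check a payment or login URL against the domain you expect (defender-side check)."""
import ipaddress
from urllib.parse import urlparse

# Digit-for-letter substitutions commonly seen in lookalike hostnames (constructed list).
_HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def _homoglyph_normalize(host):
    """Map digits that mimic letters back to the letters they imitate."""
    return host.translate(_HOMOGLYPHS)


def _is_ip_literal(host):
    """True if the host part is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_concerns(url, expected_domain):
    """Return a list of concern strings for url; an empty list means it matches the expected site.

    expected_domain: the registrable domain you bookmarked for the institution (caller-supplied assumption).
    """
    parts = urlparse(url)
    concerns = []

    # The article's first rule: only HTTPS sites for financial transactions.
    if parts.scheme != "https":
        concerns.append("not-https")

    host = (parts.hostname or "").lower()

    # "https://bank.test@other.test/" actually connects to other.test; the part before "@" is a username.
    if parts.username is not None:
        concerns.append("userinfo-before-host")

    if _is_ip_literal(host):
        concerns.append("ip-literal-host")
    elif host != expected_domain and not host.endswith("." + expected_domain):
        concerns.append(f"unexpected-host:{host}")
        # Lookalike: the expected name appears inside a different host, literally or after
        # undoing digit-for-letter swaps (e.g. "examp1e-bank.test" for "example-bank.test").
        expected_label = expected_domain.split(".")[0]
        if expected_label in host or expected_label in _homoglyph_normalize(host):
            concerns.append("lookalike-host")

    return concerns


if __name__ == "__main__":
    for sample in (
        "https://www.example-bank.test/login",
        "http://203.0.113.5/login",
        "https://examp1e-bank.test/login",
        "https://example-bank.test@collect-logins.test/",
    ):
        print(sample, "->", url_concerns(sample, "example-bank.test") or "ok")
```

The scheme check only confirms that HTTPS is being requested; whether the certificate is valid for that host is verified by the browser or TLS library when the connection is made, which is why the article also says to look for the certificate indicator. The host comparison is deliberately strict: anything that is not the bookmarked domain or a subdomain of it is reported, and the lookalike test then explains why a reported host may have looked convincing.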