Of course, you want a million dollars or a job where you can work from home and make $10,000 per week. It is human nature to hope for that big windfall in the form of a gregarious African king or long lost dead, but rich, relative. This is the fundamental premise of the email phishing scam. With one click of a button, not only is our hope of a bucket of newfound money taken from us but the money we already have can follow.
What is Phishing?
Phishing is a social engineering method designed to convince the recipient to disclose sensitive information. The ultimate goal is to steal money and digital identities. With enough information, a thief can access bank accounts, order credit cards, and make purchases under your name, leaving you on the hook for the transactions.
How Does It Work?
The typical phishing scam starts with an email or text. The message can either play on greed, offering money for help, or can be a threat that an account is going to be closed if the recipient does not act quickly. Let’s use the latter as an example. There are more than one billion Facebook users, so it would be a safe bet that an email addressed to “Facebook Users” will hit someone with an account. Typically the email tells you that your password needs to be verified. The link will bring you to a page that looks very much like Facebook. It may even be Facebook but with an overlay program that will capture everything that you type, including your password.
Those are the basics but phishing scams are not limited to email. With smartphones connected to Wi-Fi, SMS text messages can work just as well as email for phishing. You receive a text saying, “Who is this?” The natural reaction is to assume that it is someone you know and give them your name. Now the phisher has your name and telephone number which can be used to gain more information.
How To Avoid Phishing
The U.S. Security and Exchange Commission has some simple rules to help people avoid being caught by a phishing attack. If there is any doubt about the authenticity of an email, make a phone call to verify it. This is the best advice for scams using bank or utility company names. Use the number in your contacts, not the one on the email, and call. For places that are not easily called like Facebook, Twitter, or government entities, open a new tab and type the URL directly or do a web search for the organization. This will help you avoid any software that may be attached to the email.
Attacks That Worked
The New York Times recently reported nine of the biggest, successful breaches against large businesses. The most famous of these latest attacks is the one against Sony Pictures that effectively scrubbed the movie “The Interview.” This was a coordinated attack using phishing and malware to access the company’s network, grabbing private emails and exposing sensitive and embarrassing information like pay scales and who dislikes who. If Sony would have been able to close the breach faster by knowing when it was happening, they could have reduced much of the damage.