Phishing (pronounced “fish-ing”) is something you may have heard about in the past few months, but you may be confused as to what it is, and worse, what it can mean to you. In short, phishing is an attempt to get information from you that can allow someone to impersonate you online, and sometimes even in person. I’m going to go in depth on what exactly it is and some of the methods the people doing it have used. Finally, I’m going to let you in on my secrets for avoiding it.
What is Phishing?
The word phishing was chosen because, quite literally, it is the action of fishing for gullible people that will give up information they would normally want to keep to themselves. This information can include, but is definitely not limited to, the following:
- Bank account information, including account and routing numbers
- Credit card information
- PayPal login information: username and password (otherwise known as login credentials)
- Email username and password (Phishers using Google Docs are usually after this)
- Social media login credentials
- Other identifying information such as full name, home address, and social security numbers
Obviously, the information the “phishers” go after is stuff you really don’t want anyone knowing. If even one of these pieces of information becomes known by someone with bad intentions, the results can be terrible, but if they get hold of your financial information, the results can be, and have been, devastating. Imagine waking up one day to find your PayPal and bank accounts completely empty or overdrawn.
Some Common Phishing Methods in Use
You may have received an email that, on the surface, appears to be from a bank or credit company, maybe even your bank or credit company, telling you that they’ve noticed a problem with your account and would you please verify your account number — by email or a fake phone number.
By now, you’ve probably heard of the scams coming from (insert name of impoverished African country here) with queens, princes, princesses, and heirs/heiresses requesting your help in getting their money out of the country, promising to give you half of what they have, or, at the least, a few million dollars.
My favorite is similar: “Congratulations! You have been chosen as the grand prize winner in the Microsoft UK Million Dollar Sweepstakes!”
The newest phishing scam going around that I’ve heard about concerns Google Docs. In case you don’t know, Google Docs is a platform that businesses and families use to share and update documents. It’s much easier than having to email everyone on a distribution list when a document is updated since the document resides on Google’s servers and not anyone’s computer.
This one goes something like this: “Your flight booking has been updated using Google Docs. Please log in now to view the changes.” Of course, the scammers don’t always use “flight booking.” They may say, “Dear Tom, I’ve revised the schedule for the next meeting and posted it to Google Docs so everyone can see it. Regards, Dave.”
How to Not Be a Victim of Phishing
In order to prevent yourself from becoming a victim of phishing, you have to be vigilant. Pay attention to what you receive in email. When you receive an email purporting to be from PayPal or your bank, don’t ignore it, but do keep in mind that these two entities know your name — the phishing email will normally begin with something like “Dear Valued Customer.” PayPal specifically states that they will use your full name: “Dear Michael Aguilar” (the name I used to register my PayPal account) for example. They also ask that you forward any email that does not contain your full name to them, so they can attempt to prosecute the offenders.
When you receive an email saying that it’s from one of those African princes, it should go directly into the trash, never to be opened. I used to open them, so I could read them for a good laugh, but they’ve gotten smarter and embedded code into the email message that can make just opening the message dangerous. This also goes for those “Microsoft UK Sweepstakes” emails. All they want is your banking information, so they can empty your account.
The Google Docs scam is a little harder to notice, unless of course you’ve never used the platform before. Prime clues include: your company or family doesn’t use it, or you haven’t purchased any tickets or whatever is alluded to in the email.
2 Secrets to Avoiding Phishing
These actually aren’t really secrets at all, just common sense things I do to keep myself safe online. First and foremost, I use a quality antivirus solution: either Kaspersky Internet Security (Windows/Mac) or ESET Smart Security. ESET has a smaller footprint — meaning it takes up less memory, hard drive, and processor power, but I have found Kaspersky to be more responsive in reacting to new threats. Kaspersky will also show a warning page when a suspicious link has been clicked. I also like that Kaspersky has a function that makes sure my passwords stay secret when I type them.
When I receive an email that I feel is suspicious, I look at what are known as “full headers” (see image above). These can be difficult to decipher, but will tell you the address of who sent the message, as well as the return path. In Yahoo, these can be accessed under the “More” dropdown menu. This is the easiest way to ensure that you don’t get bitten by the Google Docs scam.
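As an added example (not part of the original article), the Python code below automates the header check described above together with the full-name greeting check from the previous section: it compares the From domain with the Return-Path and Reply-To domains and looks at the first line of the body. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every name, address and domain here is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "PayPal Service" <service@paypal.example.com>
Reply-To: accounts@helpdesk.example.org
To: michael@example.com
Subject: Problem with your account

Dear Valued Customer,
We noticed a problem with your account. Please verify your account number.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(a, b):
    """True when the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def plain_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw, full_name):
    """Return warnings for one raw message; an empty list means nothing stood out."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain_of(msg["From"])
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and not related(dom, from_dom):
            warnings.append(f"{header} domain {dom} does not match From domain {from_dom}")
    greeting = next((ln.strip() for ln in plain_text(msg).splitlines() if ln.strip()), "")
    if full_name.lower() not in greeting.lower():
        warnings.append(f"greeting does not use the full name: {greeting!r}")
    return warnings

if __name__ == "__main__":
    for warning in triage(SAMPLE, "Michael Aguilar"):
        print("WARNING:", warning)
```

A warning is a reason to look closer rather than proof, since legitimate bulk mail sometimes bounces to a separate domain. Matching headers are not proof of authenticity either, because the From line can be forged.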
As for my bank and PayPal? I only communicate with them over the phone; I refuse to conduct any business with them online, except for transactions.
Hopefully, you’ll be able to use some or all of these tips as you try to avoid scams caused by phishing. We’ll continue to try to help you figure out what’s legit and what new scams you should avoid.
Photo Credit: Ethical Hackers Zone