Protecting Yourself From Online Phishing Scams

Criminals always follow the money, and today, the action is online. In the 21st century, robbers steal personal information and passwords from across the world and use them to loot bank accounts, open up fraudulent credit cards, or even hold businesses’ data hostage for ransom, all while sitting safely at home in countries like China or Russia. With everything accessible via the web, cyber theft has become a significant problem, with victims ranging from government banks losing astronomical sums of national treasure to elderly seniors scammed out of their social security checks.

Don’t be an easy target

Often, the victims themselves are tricked into handing over their login information, leaving the doors to their vaults wide open! While anyone can be hacked, the bad guys are mostly after easy targets. Therefore, with a bit of vigilance and common sense, individuals can usually avoid the more amateur attempts to break into their accounts.

Be aware and skeptical

You would never give your house keys to some guy on the street, but many people do the online equivalent unknowingly. While you should certainly avoid the dark corners of the internet (such as illegal download sites), criminals use very innovative ways to get people to hand over their logins or personal information, including bank account numbers, birthdays, social security numbers, or even merely their email addresses or cell phone numbers.

While most people will reject strangers’ emailed requests for bank account access in exchange for money from a Nigerian prince or Bill Gates, one recent “offer” circulating by text offers a $250 Costco gift certificate to anyone who simply follows a link and inputs their email and cell number. “Those who have fallen for this innocent-sounding scam will not get a free certificate, but will be targeted for a damaging email hijack months later,” says Mordy Fried of Keystone Cyber Protection. “Being aware and skeptical is a critical part of cybersecurity.”

Don’t get phished

This skepticism must extend even to emails from known companies because of widespread “phishing.” In this type of deception, robbers “phish” for victims by sending out mass emails disguised as legitimate correspondence from large companies. Using logos and fonts identical to those of Chase Bank, Apple, eBay, etc., the scammers try to get you to either download spyware or enter account login information. Login links provided in a phishing attempt may lead to a replica dummy home page where everything looks just like the legitimate home page and all the links work correctly, but the victim’s username and password are captured and stored.

To make sure the victim doesn’t catch on that their username and password have been obtained (and quickly reset), after the login information is entered, the victim is indeed sent to their account, totally unaware that the “keys to the vault” have been copied. The gangsters can then login and empty the account at their leisure. And should spyware be downloaded via a link, the gangster can take hidden control of the victim’s computer, setting the stage for future attacks. Phishing emails are standard, and if you are online, you will be targeted. What can you do to protect yourself?

Avoiding the scammer’s nets

While Mordy recommends keeping your operating and virus software updated, he qualifies that this step is not enough. Be alert when dealing with unexpected emails, especially if they contain spelling errors or otherwise seem off and suggest urgency. Look carefully at the sender’s name as this can be disguised with similar but different spellings (e.g., [email protected]—Do you see the phish?). Visit the websites directly (not using the emailed link) or google the company’s phone number and ask if the supposed change is indeed legitimate (again, not with the emailed phone number). 

Check out links by hovering over them, or on a phone, by holding them briefly, noting where they lead before clicking (The text may read “Chase.com” but the link may be to svh.chase.ipay.com. See the phish? That company URL is ipay.com, not chase.com). And triple check for legitimacy before downloading any software or opening attachments, as a download can provide a hacker full control of your computer in seconds. Finally, use strong and unique passwords for your email and bank accounts that should they be compromised, will be most devastating. If the criminals do catch a fish, let it be a small one.


Want to dig deeper?

Try these related articles

Spear Phishing

Fighting Fake News

Scamazon: The Dark Side of the Internet’s Largest Store

 

 

 

Subscribe to the Newsletter

Share this Article on:

LinkedIn
Email
WhatsApp

Related Articles

Life is good, with little frill, and he’s mostly OK with that—until he hears the hock in shul about someone...
After shteiging for several years in kollel, it was time for Shmuel Basch to enter the workforce, but he had...
America is a land of entrepreneurs which glorifies those who can build an idea into hugely profitable ventures. However, for...

You can get all of

my insights

straight to your inbox.

I keep it light while making it super insightful and incredibly practical.