Phishing
phish·ing
ˈfiSHiNG/
noun
the activity of defrauding an online account holder of financial information by posing as a legitimate company.
“phishing exercises in which criminals create replicas of commercial Web sites”
I thought I would take some time to discuss a major attack that no amount of software can defend against. This is the Phishing attack. No software defends against this kind of attack because the user willingly hands over personal information to the bad guys. In other words, it dupes the user into destroying themselves. Some are very good and extremely hard to detect as fraud. So let’s go over the basics of keeping ourselves, and our school district, safe, shall we?
Type 1 – “The <insert some country here> Prince” scenario
We’ve all seen this one. It is still going around and has been for nearly 20 years. Why? There can be only one reason. Sometimes, no matter how infrequently, it still works! The premise is simple. you’ll receive an e-mail indicating that someone somewhere wants to give you millions of dollars for no good reason. And all you have to do is give them your Social Security number and bank information for them to transfer the funds directly to you. What a deal! Of course, we all know that once you give them the information, they empty your bank account and split. This one was easy and provided here only as a history lesson for how Phishing started.
Type 2 – Your bank needs your information
In this one, you receive a very authentic looking e-mail from (what appears to be) your bank or other institution. They have detected fraudulent activity on your account and because they are you friend and want to protect you, they need need some personal information to secure your account. This can be scary and extremely convincing. The email will appear to come from the correct email domain. The logo and signatures on the e-mail will appear legitimate. Everything about it will seem right. There is only one thing wrong with it. YOUR BANK NEVER DOES THIS. No reputable company will every request such personal information through e-mail, where it could possibly be read by anyone. Any requests like this will come via regular mail or phone. If you are still unsure, call the company purporting to send the e-mail. Look the number up from your bank statement or CC and give them a call. Do not click on any links provided in this e-mail either. It can lead you to bogus websites, set up to exactly mimic the legitimate site and whose purpose is to steal your information.
Type 3 – “We know what you did and now you’re in trouble”
This is the most amusing phishing scam.. at least for those of us who know we did nothing. This is a straight up extortion scheme. “We know what you did or what it looks like you did. Pay us or we’ll tell.” Sometimes a website pops up. Other times it comes in the form of an e-mail. Either way, rest assured. If the FBI is coming to get you, they will not send you a nice e-mail first! smile emoticon This is simply another way to get your personal information. Just take a breath and realize you did not do anything wrong.
SUMMARY of ways to protect yourself from Phishing Attacks
1) If it seems too good to be true, it is. No one is going to give you a million dollars for no reason.
2) Banks and other institutions never ask for personal information via email. If you have questions, call them on the phone.
3) You did not do anything wrong, and you know it. smile emoticon
I hope you find this tip helpful and that it helps you stay safe and puts your mind at ease.