Phishing And Online Scams Be smart:
Phishing and online phishing scams
What is Phishing? – The definition of phishing
In the simplest terms, phishing is the act of pretending to be someone you trust in order to get you to give up sensitive information such as access codes, usernames, passwords and bank details. Basically, it is a hoax communication designed to get you to surrender your information.
Phishing is done electronically via email messages, telephone calls or look-alike websites.
The overall objective of phishing is always to steal money or to steal your identity. Phishing is much like a marketing campaign: target many and hope a few will convert. That is why it is done in bulk, through mass emails and mass messages.
Examples of phishing scenario: (some phishing tactic examples)
- Your social media account has been hacked and you need to reset the password. You may be redirected to a Facebook look-alike website where you have to enter your current email and password before you reset the password. As soon as you enter your details, the username and password are captured by the phishers. Be careful: this may apply to any web or financial service, including your online banking.
- Your computer is very slow, or maybe your drivers are out of date, or your antivirus is out of date, or you have no antivirus installed, or you have malware or a virus on your computer, or your computer needs a full system check. You are then told to download a file to fix whatever computer error you were duped with. Do not download any files under these circumstances. This is what is called social engineering.
- You receive an email warning you that you are late in filing your taxes and should open the attached file and do so immediately or face the penalties. Take a breather, because if you panic you are definitely going to download a virus onto your computer. Treat all emails with suspicion. If you are unemployed or a minor and you receive such an email, that should give you even more reason not to open the attachment.
- The famous one is the message that tells you that you have won the lottery. How can you win when you did not even buy a lottery ticket? Delete that message and DO NOT open the links provided in the phishing email. It isn’t always lottery winnings; you might "win" anything. Sometimes the phisher will raise your curiosity about the winnings: "Click here to see what you have won."
- You have a notification. Yes, we all love it when people get back to us. We constantly log into Facebook, Twitter, LinkedIn and so on to see if we have any new notifications. We get smartphones so that we can constantly check our emails and get back to our clients in time, but there is no way the entire internet knows that you have a new message. That notification at the top of your browser is not your Facebook notification. I know it looks exactly like the Facebook header that shows your notifications, but that is not Facebook. And that email notification at the top of your browser window is not Gmail. Again, I know it looks like the Gmail icon, but it is not Gmail, so do not click on it.
The phishing scams
These phishing emails are engineered to acquire your information, especially your authentication details such as passkeys and usernames. They send you friendly, encouraging and sometimes stern emails to get you to click certain links or download email attachments. The phishers imitate well-known company logos. Read the email carefully and do not be curious to see any file that has been attached or any link that was provided in the email. Be on the lookout for the following:
a. Incorrect spellings. Read the email keenly and take note of spelling mistakes that may be apparent in the email body.
b. Incorrect grammar / erroneous grammar: Poor sentence constructions among other grammatical errors are common in phishing emails. Pay attention and take mental note of the grammar used in the email.
Why are the above a negative sign for a company and a positive sign that the email may be a scam? Big companies have well-trained staff who proofread their emails before sending them out to the masses.
The threat is carried by the outbound links in the email and the attached files, so be on the lookout for the following:
- Anchor texts must match the links. The anchor text is the text used to represent the link. When you hover, or place the mouse pointer, over the anchor text without clicking it, you will see the link's target address at the bottom of your web browser (Opera, Mozilla, Internet Explorer, Chrome). Feel free to switch to another browser such as Firefox. In case of any disparity DO NOT go to that link.
- Counter-check the link URLs and ensure they correspond to the business they purport to be from. The most important thing is to stay alert on the internet, and you will not be an easy target for the phishers and scammers.
- An email attachment may be from a known source and safe, or it may be from someone else and malicious. Nevertheless, treat all attachments with suspicion. Do not be curious. If the email has failed the grammar integrity test, do not bother with it even if it claims to be from a known corporation. First contact the sender and confirm the authenticity of the email attachment before you decide to download or delete it.
The famous Lottery scams
Do not be fooled. You haven’t won anything. However, if you are a very optimistic person, you may first call the lottery company to confirm whether you have really won. Just be realistic about the facts at hand. Did you buy the lottery ticket? Is the lottery company in your country or state? Does the lottery money correspond to the reality of the bought card? This lottery winning scam has gone on for far too long, but a few may still fall victim.
Greetings and Birthday cards
Greeting and birthday cards can link to malicious websites. We all love the people who are sweet and sensitive enough to remember our birthdays, anniversaries and all other occasions. Be smart: phishers know about your vulnerabilities and they will socially engineer you to get what they want. This reminds me of the lady who was seduced by a good gentleman and had all her money stolen. The ‘good man’ was able to gain her trust, said he was in trouble and asked her to send him money. Of course, this was after she had trusted him. He was to refund her the money when they next met. The ‘good man’ has never been heard of since. Life lessons. Take your distrust from the real world and embed it in your electronic life. Do not give out your information, or you might end up with a loan that you never applied for, or go bankrupt because you gave your information to someone who used your details to obtain credit cards or bank loans, leaving you in trouble. Follow the guidance in the section on links and attachments above before you decide to click a link provided in an email.
The phishers invest in your emotional vulnerabilities. Being without a job is an emotional pain, and people will go to great lengths to land a job. Phishers know this, and they are always coming up with new ways to get to you and scam you through your need to get a job. Do not be gullible just because you have waited so long for a job and have not found one yet. Do not be vulnerable: if you keep searching, knowing at the back of your mind that you are qualified, you will definitely land something. Job applications online are always scary and should never be trusted.
When you apply for a job online and you are asked for any money, never pay, ever. A good agency will ask you for money once you have seen that the job is real or, better still, have landed the job or an interview. In fact, a majority of online job opportunities are scams. The exception is a company website’s Careers page, which may advertise a vacancy to the public.
Although most of the online jobs advertised are scams, some services are genuinely out to get you employed. Use well-known and well-trusted services to apply or to seek the opportunity to be employed by the organizations they serve or represent. Some online recruitment agencies are out to make money off you, so be very skeptical about giving money to any agency. Use services that have been vindicated by people you know. If your friend or anybody you know has been able to acquire gainful employment via a particular service and you are undergoing the same procedures they did, then you are free to take the risk with the agency’s requests.
Remember most of the offers are out to scam you. Nevertheless some of these online job offers happen to be true and well intended. The most effective way for you to know for sure and increase your certainty and trust level is to find out if there are any people you know who have ever genuinely benefited from the same job offers. Ask around on social media such as Facebook and Twitter. Just do something that will put your mind at ease about the online job offers.
Remember this on anti Phishing…
Be informed, stay skeptical and distrust every message until you perform your own investigations. Take all emails lightly; do not be thrown by stern warnings from government agencies or the bank asking you to log in and change your passwords, or by your friend inviting you to a party that you first have to contribute towards.
Stay smart and even more skeptical.
There are so many scams out there. This article is intended to give you a general way of thinking so that you can venture onto electronic communication platforms without being an easy target.
The phishers and scammers are smart and are always coming up with new ways to fool you. You must know you are dealing with smart people who most likely have good psychological knowledge and know enough about social engineering. They will use your emotional vulnerabilities to get you to cave in. They know what works and have tried it on many different people.
As I said at the beginning, phishing is like a marketing campaign: target the many and hope for a few conversions. Do not be among the few. Stay smart and always be skeptical.
There are so many more scams that I wish I had the time to go into. I wish I had enough time to cover all of them with you and make you more knowledgeable and prepared for the phishers and scammers. Even if I were able to give you all the phishing examples out there, be sure that new ones are being thought of and tried right now. They send you emails and messages on Facebook, and they phone you to test out their new scams. Luckily, Facebook has a great spam filter, but some messages at times manage to pass the filter into your Facebook inbox; that is why you often get messages in your inbox but Facebook alerts you they have been deleted.
Keep in mind that:
- new scams are being formulated daily;
- the phishers don’t know you and don’t care for you;
- they are out to get your information for financial gain;
- it is up to you to stay smart and doubtful about every socially engineered message sent to you;
- report all scams so that the emails can be added to the spammers' database.
- It is your responsibility and duty to foresee and oversee your security when using the internet.
- You need to keep your computer safe by using the latest releases of your anti-virus and anti-malware software, and do not download free software from websites you do not know.
These days we have adblocker add-ons for your browser so you can install them and shut out some of the internet nonsense that keeps flashing on your browser. These ad blocker add-ons block all ads and any popups that may be targeted towards harmful or explicit websites on the internet.
How to install the adblocker add-on
1) Mozilla Firefox
i) On the Menu Go to Tools -> Addons
ii) On the window that appears click on Get add-ons
iii) Search for adblocker in the window that appears
iv) Read the descriptions of the results and choose one of them by clicking Install. I prefer Adblock Plus
v) Restart Firefox browser and browse on a cleaner browser window
2) Google Chrome
i) Go to Chrome settings then choose Settings
ii) On the Settings window choose Extensions
iii) Scroll to the bottom and click on Get more extensions
iv) Search for ad blocker and install/download
Internet and Email security
- Do not use a similar password on all your email accounts and social networks (Facebook, Twitter, LinkedIn, StumbleUpon etc.)
- Use unique alphanumeric passwords at all times and do not use the same complicated password on all your password protected websites and portals. Be dynamic.
- Keep all your passwords to yourself. Never disclose your passwords to anybody, regardless of how much you trust them. They may be careless with your passwords and make your accounts vulnerable to attacks. So no sharing of your passwords.
- Always log out from any computer you use, especially a cyber cafe computer. Do not tick the "remember password" option on any site when on a public computer.
- Do not be lured in by the free labels on the download buttons or websites. If you have little information regarding the download avoid it.
- Check and validate links. Do not click any outbound links blindly; double-check that the link corresponds to the intended page or target (use the methods above).
- Attachments are very malicious in most cases. Don’t download any attachments without prior knowledge about their safety. Do you know the person who sent the attachment to you? Had you gotten a heads-up that the attachment would be sent? In other words, was the attachment expected? Having read the entire email, can you validate and justify the absence of phishing and social engineering? Any phishing signs should throw you off. Is the company correctly representing itself? Has the company raised any doubts in your mind with social engineering tactics?
Your suspicion and paranoia will always guarantee the safety of your computer and internet life. Do you agree?