Blog > Life

Phishing - Don't Let It Happen To You!

     What is phishing? The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information. This personal information that is obtained can be things such as passwords or credit card numbers. You yourself have probably received an email or two stating that your bank needs you to verify your info or perhaps that you need to log in to a known website you commonly visit to confirm some information.

     Phishing commonly is the act of impersonating someone else with the intent to extract personal, often extremely sensitive information from you, so that it may be used for malicious purposes. Phishing frequently is used to get passwords to your accounts, credit card information, or extremely sensitive information such as your social security number.

     Phishing emails have been around for a long time. Some are extremely easy to spot, while others can fool even the most alert people. Here is a recent example my friend sent me. This a screenshot of the message he received below.

    As you can see from the above screenshots, they name a trusted bank and make it seem trustworthy by telling you not to share the code with anyone. This is the hook, which gets the uninitiated to call the number, however a quick search online will reveal that when you call this number, an automated system answers (one that is different from Bank Of America’s automated system). The automated message tells you that your card has been compromised. The message will then ask for your credit card number (you know the one that will be compromised if you give them the number).

     Always be careful. The tactic here is to get you worried so that you are stressed out and to catch you off your guard.  You should always Google the numbers that call you if they state they are a representative of your bank. Phishing attempts happen quickly. 

     I have another friend who received a call from who he thought was USAA asking him to verify some info. The call seemed unprofessional and got cut off after he verified his info. They asked him for his debit card Pin (a big no no). He called USAA back and they seemed confused. Within the next hour, he had close to 10k in withdrawals from his account. These people often want the security questions for your account, so that they can call and impersonate you. The people who called used his information to call USAA and state that they wanted to increase the ATM limit of his card. The people behind these types of phishing scams are often good at Social Engineering. They will say, “Oh I am currently travelling and need to withdraw some cash because of an emergency”.

     Always be wary of filling out information online. Some phishing scams even attempt to recreate the website entirely. This makes it look like you are logging into your online bank account, when in reality you are just logging into a cloned website, which is a portal that someone created to steal your information. You must absolutely be careful when you click links within your email. It is always better to enter the URL into your browser.

     The most important accounts you have are your primary email accounts, online bank accounts and any other accounts that contain money (cryptocurrency accounts). I would highly recommend that you use different passwords for these accounts. It sucks if your password for the forum you frequent is stolen, but it will not cause you any financial loss. If however, they have your bank login details, you are in a world of problems.

     Often times smaller sites are hacked and hackers then have access to your email address and password for that site. People often use the same password for many websites, so a hacker will then try to check if they can get into your email. If they can do that, they will try to extract and download anything sensitive (tax returns, scans of IDs, account information etc).

     There are a few ways you can protect yourself. One way is to check your online accounts regularly to monitor any suspicious activity. Another step you can take to protect yourself is to use a 2-factor authentication system on your important accounts. You can use text message or an app on your phone (Authy or Google Authenticator). They will send you a text message with a code that you have to enter, or you have to enter a code from the authentication apps. It is a little annoying, but it is much more annoying to have your bank account compromised (you may have to file a police report, cancel your current credit cards, and talk on the phone to clear the situation and figure out how exactly your account was compromised). If you have a cryptocurrency account compromised, you can pretty much kiss that money goodbye. The good thing is that for accounts such as your email, you can turn off 2-factor authentication for computers you use on a regular basis. This way you only need to enter the code on devices that you have not used before (a friends computer).

     If you are the victim of phishing, immediately change your passwords and contact the appropriate parties such as banks and credit card companies. Monitor your account for any suspicious activity. Phishing attacks evolve with technology so make sure to always be a little skeptical. Newer fishing techniques involve the use of social media accounts. People may pose as your friends in an attempt to get you to send some money to them. A lot of phishing attempts happen at the workplace. People will target the workplace and send email attachments in an attempt to compromise your computer. Your company should provide some sort of training regarding this. Phishing attempts also try to target people who are less technically savvy such as the elderly or children. Educate yourself and stay alert and you can easily avoid falling victim to a phishing attack.