Scam artists have been exploiting the power of the Internet from its very beginning. Lately, you see fewer of the signature bogus emails written in broken or misspelled English promising big rewards if you just send money now. This doesn’t mean these phishing schemes have gone away, they’ve simply become more sophisticated.
Equally concerning is a report by Internet security provider Proofpoint documenting that phishing attempts on social media platforms increased 500% at the end of 2016.
All of this should come as no surprise given the recent news coverage of international hackers going after individuals, businesses, and even governments. Most recently there have been attempts to cripple the U.S. electrical grid and, of course, a major credit reporting agency breach.
While there are other ways to hack into computer systems, the most common method uses phishing techniques to either obtain sensitive information or place malware into a network.
This means all of us must be more vigilant in the way we treat emails and social media posts. Oh, yes – and telephone calls. Some criminals are using old school phone calls to “verify” or obtain information that make it easier to run scams via email and social media.
Here’s what to look for:
- Email addresses. Before you open a suspicious email, look at the sender’s address. Scam artists may use legitimate looking company logos and a recognizable name (often the CEO or company owner of your or another familiar business) when requesting sensitive information. The address may even have the company’s name in it, but with added characters and/or another country’s identity at the end. Often these phishing schemes will claim to need your information for benefits issues, tax purposes, etc. Don’t open anything with a suspicious address.
- Web site URLs. If an email or social media post invites you to visit a Web site, mouse over the HTML link to see the complete URL. As above, if the address looks at all suspicious, don’t go there. Also avoid unsecure Web sites. Look for https in the URL rather than just http. The “s” indicates a more secure site.
- “Returned” emails. We all recognize that an error or change in an email address triggers a failure to deliver email. However, scammers use bogus, but official looking, Delivery Status Notifications to lure you to a Web site or to download malware. Beware.
- Wire transfer requests. Scammers find out about large wire transfers, for example when innocent people buy or sell a home. The thieves send a legitimate looking email or call representing themselves as the “agent” requesting the wire transfer protocol. Then they transfer the funds to an offshore account. In the business world, the twist is to request bank account information on the pretext of wiring payments or refunds, then cleaning out the account. Never disclose this kind of information without verification from the genuine parties involved.
- Phone calls. A smart plan is to routinely ignore calls from unknown sources and let them go to voicemail. Treat all calls requesting information as suspicious. Tell the caller you’ll call back and request a phone number. Chances out you’ll hear a “click” as they move on to the next target.
- In sum: Trust your instincts. If an email, phone call or social media post looks at all suspicious, don’t do anything until you check it out. It’s far better to err on the side of caution than become a victim.
- Report phishing attempts. Send suspicious emails to the federal government at spam@uce.gov. You can also send them to the Anti-Phishing Working group: reportphishing@apwg.org to help IT security companies track down and stop phishing scams.
Sadly, all of this means we have no choice but to be suspicious of virtually all communications that are not from confirmed, known sources. We must verify before responding to phone inquiries, social media posts or suspect emails. And if an offer looks too good to be true…well, you know the rest.