Phishing isn’t about Trout Season Opening Day

May 9, 2017

A new Pew Research Center survey titled "What the Public Knows About Cybersecurity” revealed some startling statistics about how little most Americans know about cybersecurity. While most Americans understand the need for strong passwords and know public Wi-Fi hotspots are not very secure, a surprisingly low number of respondents to this survey were able to explain what phishing is or how to determine whether the website they are about to put the credit card info into is secure.

Because of this we are going to take a look at phishing today. Phishing is a fraudulent act committed by cybercriminals to gain sensitive information they can use for illicit gain. These attacks typically come in the form of an email message that looks like it is from a reputable source, like your bank, your credit card company, Amazon, or so many others. These email messages will usually tell you there is a problem, or will make an offer that is “too good to refuse” and direct you to a link that takes you to a webpage which looks just as real as the email does.

Here’s where the problems start. Several things can happen when you click on the link:

* You can inadvertently install malicious software onto your computer (i.e. a virus)

* You can open access to your servers or network for cybercriminals

* The website you are directed to will be phony

* Many other things that allow cybercriminals to exploit you

I’ll not go into all the viruses that can cause so much trouble for you if you click on a link and they start to download onto your system. However, being sure your antivirus is up to date, or better yet, having a managed service provider handling your network security will help to alleviate concern over these viruses.

Nothing will help you though if you click on a link and then start to fill out information on the page you are sent to. This is how a phishing attack gets your personal information.

I remember maybe ten years ago when a very distraught friend of mine called me because her bank account was emptied in a matter of minutes. She had received an email saying her account had been hacked into and they needed her to login and change her password immediately. She did. However, part of changing your password is putting in your userid and existing password. As soon as she entered those, nothing else mattered, the cybercriminals used her userid and existing password to log on to her online account page and transferred all her money to other accounts.

Beware of phishing attacks. They can be disastrous. Here are a few things to look out for that might clue you into a phishing attack:

* Misspelled words or bad grammar

* If you see a link in an email, rest your mouse on the link and make sure the URLs match

* If you receive an email saying there is a problem with an account and there is also a threat of blocking your account or some other action, be concerned about phishing

* Remember that you bank, credit card, or other financial institution will never ask you to enter your password via email. Instead of sending you a link they will ask you to visit their webpage.

Following these simple steps can help you avoid phishing scams. Remember, cybercriminals are very smart and very informed. They are experts at taking advantage of the typical person’s limited

knowledge of network security. Ask your IT or Managed Services Provider to give you more information on avoiding scams like these.

Rusty Jones

ACS Staff Writer