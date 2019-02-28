Fishing for tarpon, snook or redfish? Shrimp and mullet are said to be some of the best bait lures.
Phishing for fraud? That’s when online scammers send out bogus emails or text messages impersonating a trusted source. The prized catch? Stealing valuable personal information.
Many scammers play a numbers game, casting big nets pretending to be large, well-known companies. But they still need tempting lures.
Like a Bank of America alert that it’s locked your account due to unusual activity. Or Verizon notifying you that your $932 bill is available to view online. Or American Express confirming a change of address. Or Comcast advising that it’s unable to process your payment. Or Amazon telling you a $50 Prime Reward balance will expire shortly. Or Apple confirming a recent purchase.
If you received one of these emails from a company you do business with, what would you do?
“Think you’ll never click on a link or download an attachment in a phishing email? Think again,” warns the Identity Theft Resource Center. “An attacker sending 10 phishing emails has a 90 percent chance one person will fall for it. What makes phishing emails so effective is that they look like normal emails from organizations you’re familiar with or people you know.”
Other phishing imposter scams include bogus emails from FedEx, UPS or the U.S. Postal Service regarding package delivery problems. Clicking a directed link installs dangerous malware.
“Phishing scams trick web users into downloading an infected file, clicking a toxic hyperlink, or giving up private information, which can lead to identity theft,” explains thestreet.com. “The most common types of attack result in a hacker gaining access to sensitive information (like the password to your online banking site or your email account), access to the information you store on your laptop or mobile device, or even control of your device.”
So, keep your guard up. Especially with impersonal emails addressed to “valued customer”, “client”, or “cardholder.” Other telltale signs include spelling and grammatical errors.
In addition, be particularly suspicious of emails requesting urgent action.
“In general, companies will provide adequate warning and give ample time for users to respond to potential issues. Take a few moments to breathe and calm down if you receive an email demanding an immediate response,” cautions business technology website TechNative. “If an email is designed to cause panic, there’s a good chance it’s not genuine.”
The website also suggests developing a habit of hovering your cursor over links in emails to see where the URL actually points.
To make matters worse, Wombat Security warns of a huge surge recently in phishing sites using HTTPS encryption. That “s” stands for secure and should be trusted.
“The problem this trend poses is that many people wrongly assume that a site with HTTPS encryption is safe to use,” cautions Wombat. “While HTTPS does indicate a site is secure — any data exchanged with it is encrypted — that doesn’t mean it’s safe. Attackers are taking advantage of this confusion and using it to fool victims.”
So, take some time and think before you click.
If something smells fishy, self-initiate verification by typing in the suspected company’s URL address or calling a customer service number you know is legitimate.
And never provide personal information, send money or give access to your computer to anyone unknown contacting you.
Always remember, when you’re online — using email or social media — you’re a potential prized catch.
Think you can spot when you’re being phished? Google has a short online quiz. Take it at https://phishingquiz.withgoogle.com. It’s an eye-opener.
Finally, the Federal Trade Commission requests forwarding any suspected phishing emails to spam@uce.gov as well as the organization impersonated in the email.
David Morris is the Sun‘s consumer advocate. Contact him c/o the Sun, 23170 Harborview Road, Charlotte Harbor, FL 33980; email david.morris@yoursun.com; or leave a message at 941-206-1114.
