Monday, October 14, 2019

Phishing Scams: Review/Prevention


Information technology has many layers of complexity that can make the task of improving your understanding seem quite daunting. However, there are a few rudimentary things that even some professionals in the industry seem to overlook. The focus of this discussion is phishing (pronounced “fishing”). Many individuals have heard this term before but do not have a solid grasp of what phishing means, what its dangers are, or how to protect against it. The easiest way to define phishing is as a scam that attempts to deceive the intended target into providing the criminal with sensitive information such as important passwords or even credit card numbers (Vahid & Lysecky, 2017, Ch. 8.4). Unlike many types of cyber-attacks, which attempt to reach your private information by bypassing a security feature within your computer, this one relies on the user to initiate it. For example, today I received an email with a common phishing scam from the “Social Security Agency” informing me that I have “a warrant for my arrest, but it can be taken care of by providing bank information to resolve the outstanding debt.” This is clearly a deception that is focused solely on attempting to use fear to coerce me into providing the thief with sensitive financial information.

So, how do you defend against what often looks like genuine correspondence via email? A popular website that I frequent provides an outline of five specific ways that can help you avoid falling prey to a phishing scam. The five things that the author Mike James (2017) suggests you look out for are:



1. If the email asks you to confirm personal information.

2. If the web and email addresses do not look genuine.

3. If it’s poorly written.

4. If there’s a suspicious attachment.

5. If the message is designed to make you panic.
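
As an added illustration (not part of the original post), the Python sketch below checks a message for items 1, 2, 4 and 5 of the list; item 3, poor writing, is left to the reader's judgment. The sample message, the keyword lists, the risky-extension list and the `claimed_domain` parameter are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); names and domains are made up.
SAMPLE = """\
From: "Social Security Agency" <notice@ssa-gov.example.net>
Reply-To: agent.help@mailbox.example.org
Subject: URGENT: warrant for your arrest
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

There is a warrant for your arrest. Act immediately and confirm your
bank account number to resolve the outstanding debt.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="warrant.pdf.exe"

AAAA
--b1--
"""

# Assumed keyword and extension lists; tune them for your own mail flow.
PERSONAL = re.compile(r"\b(confirm|verify|provide)\b.{0,40}\b(bank|password|card|account)", re.I | re.S)
PANIC = re.compile(r"\b(urgent|immediately|warrant|arrest|suspended)\b", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".iso", ".docm")

def domain(header_value):
    # Domain part of an address header, lower-cased; "" if the header is absent.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw, claimed_domain):
    """Return which list items (1, 2, 4, 5) the message trips."""
    msg = message_from_string(raw)
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    hits = []
    if PERSONAL.search(body):                      # 1: asks for personal data
        hits.append(1)
    sender, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if sender != claimed_domain or (reply and reply != sender):
        hits.append(2)                             # 2: addresses do not match
    if any((p.get_filename() or "").lower().endswith(RISKY_EXT) for p in msg.walk()):
        hits.append(4)                             # 4: suspicious attachment
    if PANIC.search(msg["Subject"] or "") or PANIC.search(body):
        hits.append(5)                             # 5: designed to cause panic
    return hits
```

Calling `phishing_indicators(SAMPLE, "ssa.gov")` compares the sender against the domain the message claims to come from; the comparison is exact, so a legitimate subdomain would also be flagged and should be allowed for separately.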



As you can see from the list, the example I provided above highlights a few of these things to look out for in that it was a badly written email which wanted my bank information and was designed to make me panic. Historically, these types of emails would end up in your junk mail folder and you would likely never have seen them. However, phishing scams are becoming more and more sophisticated and are finding their way into your regular email inbox. They have also been used in conjunction with viruses, fooling you into opening the email or the attachment so that you unknowingly download a virus or other malicious program onto your system. Odds are that if you are a human being like the rest of us you could fall prey to a phishing scam, but what does one do in that situation?

The Department of Homeland Security (DHS) provides some important resources for individuals who believe they have suffered from a phishing scam. For example, the DHS provides step-by-step information on what to do should you become the victim of identity theft, and the steps you can take to recover from this incident. In addition to these resources, the DHS also allows individuals to submit these scams so they can be thoroughly investigated. I am including the link to their site should you wish to review it: https://www.us-cert.gov/report-phishing

Phishing scams at their best are annoyances which cause us the wasted effort of having to delete them, but at their worst they can compromise our sensitive information to an extent we might not be aware of. The good news is that this type of scam works well in an environment of complacency but does not thrive if you are aware of what to look for. By reviewing the information provided and being proactive you can reduce the likelihood of becoming a victim of this type of cyber-attack.
