Phishing for Trouble

May 13, 2013

by Jeanine Vecchiarelli

Staying safe online is becoming a more daunting task with each passing day.  Reports of malicious activities are steadily increasing, and perpetrators are becoming more resourceful in their efforts to part us from our sensitive personal information.  Every one of us can likely count multiple examples we’ve witnessed recently among some of the most popular vehicles for malicious activity:

Posts that pique curiosity or play on emotion

malicious Facebook post

We see them all the time.  Direct messages on Twitter that say things like “What are you doing in this picture??  LOL” or “Hey people are saying some really nasty things about you.  Terrible.”  These statements are followed, of course, by short links that virtually scream to be clicked.  Then there are the ad-type messages we see on Facebook, bearing such enticing messages as “Do YOU have Facebook stalkers?  Click here to see who is checking out YOUR profile now!”  Taking the bait on any one of these posts will land us in a world of trouble, ranging from replicating the malicious messages and sending them to everyone in our contact lists to stealing our identities and other private information.

The number one way to avoid becoming victims of scams such as these is to remember that the messages are not true. They are fabrications meant to entice us to click their accompanying links. If we harbor any doubts at all, instead of clicking we should use a link expander such as LongURL. Pasting the message’s link into such a tool enables us to see its long-form version.  In most cases that should offer all the convincing we need.

malicious Twitter direct message exposed

Spoofing

Much of the malicious mischief taking place recently has been in the form of spoofing.  This tactic entails taking names from our contact lists, using them to open up bogus email accounts, and then sending messages with malicious links to us and others in our contact lists.  Obviously, the thinking is we are more likely to trust links/attachments contained in email messages we think are from friends.  Unfortunately, the perpetrators of this nastiness are exactly right in their assumptions.

Do know that even if our names are taken for spoofing it doesn’t necessarily mean that our accounts were hacked.  If the email addresses attached to malicious messages are not ours, chances are the perpetrators just took our names to mask their dirty work.

The only way to protect ourselves against spoofing attacks is to treat every message attachment, regardless of from whom it appears to come, as though it were coming from strangers.  Unless we are expecting to receive one, we need to message our contacts to confirm they did indeed send us an attachment.
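
An added example (not part of the original post) of the check this section describes: it compares the display name and address in a message's From header against an address book and flags a familiar name arriving from an unfamiliar address. The contact list, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> addresses known to belong to that contact.
CONTACTS = {
    "alice example": {"alice@example.com"},
    "bob example": {"bob@example.org", "bob.work@example.net"},
}

# Constructed sample messages (headers plus a one-line body).
SAMPLES = [
    'From: "Alice Example" <alice@example.com>\nSubject: lunch\n\nhi',
    'From: Alice   Example <alice.example.1987@mail.invalid>\nSubject: photo\n\nsee attachment',
    'From: newsletter@shop.invalid\nSubject: sale\n\nnew offers',
]

def normalize(name):
    """Lower-case and collapse whitespace so 'Alice   Example' matches 'alice example'."""
    return " ".join(name.lower().split())

def check_sender(raw_message, contacts=CONTACTS):
    """Classify the From header as 'known', 'name-spoof' or 'unknown'.

    'known' only means the address is in the address book. The From header
    can itself be forged, so unexpected attachments still need confirming
    with the contact, as the text above advises.
    """
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if any(addr in addrs for addrs in contacts.values()):
        return "known"
    if normalize(name) in contacts:
        # A contact's name on an address we have never seen for them:
        # the borrowed-name case described in this section.
        return "name-spoof"
    return "unknown"

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw), "|", raw.splitlines()[0])
```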

Phishing

We all have been “phished” at least once in our online lives.  My most recent experience was a few weeks ago.  I received an email, supposedly from PayPal, informing me that there was a problem (undisclosed, of course) with my account.  I needed to sign in via the link provided and update my information to resolve the issue.  These emails can look indistinguishable from the real things, and clicking on their links will take us to phony sites that look identical to the real ones.  The only way to tell they are fakes is to try all links on the “sites.”  This is not foolproof, but usually the only link that will work is the one they need us to click in order to deliver our personal information.  So the only way to ensure safety is to remember the golden rules:

1. No reputable business will ask us to reply to its email messages or click links contained within them to supply personal information.  If the messages request such info in that manner DO NOT RESPOND.  Report/forward the messages to the actual business sites that are being impersonated, then delete them.

2. For confirmation and peace of mind, it is advisable to check any of our sites we suspect may be victims of impersonation.  This needs to be done by opening a new tab in our browsers and manually typing in the URL for these sites.  Never, NEVER attempt to visit them by clicking links provided in suspicious emails.  Chances are excellent they will take us somewhere we do not want to go.

phishing attempt exposed

What form of suspicious communication have you received most recently?  How did you handle it?  Please share your experiences in the comments section below.
