VOL. 131 | NO. 123 | Tuesday, June 21, 2016
Avoid Being Catfished by Phishing Scams
PATRICK TAMBURRINO | Special to The Daily News
One of Snapple’s current commercials spoofs email scams by reimagining how such a communication would come if delivered via the telegraph in the 1860s. The telegraph operator calls out to his friends, “A prince wants to give us $20,000. All he needs is our social security number. ...We’re going to be rich!” They all cheer at their anticipated windfall as one shouts, “Horses for everyone!”
While we’ve all heard about spamming scams for the past decade, it’s still surprising how many people fall victim to them each year. More than 156 million phishing emails are sent daily, and in many cases the source can seem legitimate.
Sophisticated hackers use subject lines or “from” names that at first glance appear to come from the recipient’s CEO, bank, internet service provider, university or another trusted source. They then bait the recipient with a spoofed website or otherwise get them to disclose private data like passwords or credit card information.
Fortunately, the majority of phishing emails get caught in the spam filter. Still, millions of these messages are opened each day and hundreds of thousands of links are clicked.
One of the main ways to tell if an email is a phishing scam is its sense of urgency: it pushes you to act right away in order to avoid losing something. By nature, phishers use social engineering tools designed to induce panic in the reader. Responsible companies would never take actions like these over email.
The next time you receive an email that’s too good to be true or demands urgent financial attention, follow these simple steps to keep yourself and others in your network protected:
• Don’t click the link. One simple click of the mouse is all of the bait the phisher needs to infect your device with malware. Then, all of your contacts are at risk of being targeted as well.
• Don’t be fooled by logos or graphics. Phishers are sophisticated and will go to great lengths to appear authentic. A quick Google search can lend them all of the aesthetic assets they need to add credibility to their case.
• Confirm with the source. If your CFO suddenly needs a money order that you all hadn’t discussed previously, give him a call and confirm he sent the request. Don’t reply to the email.
• Change passwords immediately. This will keep phishing attempts at bay in the short term. Get in the habit of resetting passwords every 90 days, and include a special character and number to make them harder to crack.
Phishing attacks vary in their level of complexity depending on the attacker’s objective. Some are specifically targeted at executive officers within a business or organization, based on the information the phisher is trying to obtain. When in doubt, consult with your IT support staff.
Patrick Tamburrino, the president of IT strategy, support and management firm tamburrino inc., can be reached at firstname.lastname@example.org.