A little planning now may help shield you from identity theft later.
“You Paypal account is on hold. You must log in immediately to update missing information or we will suspend account. Enter you log-in here.”
I received this email in my inbox recently. It encouraged me to click on the link to go to my Paypal account and update my information.
Receiving an email like this in my email might have been a cause for concern, except for three things that caught my attention:
1. Paypal — like all reputable and secure sites — won’t ask people for their log-in information.
2. Emails from large companies like Paypal usually use good grammar — for example, they know the difference between “you” and “your”.
3. I was pretty sure the outgoing email address for Paypal is not “email@example.com”.
Emails like this are generally referred to as “phishing”.
Phishing is defined in the Oxford dictionary as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”
These phishing efforts are intended to do one of three things: get your private information so the scammers can steal your identity; extort you for money directly; or install malware on your computer, often for ransomware attacks.
The most common phishing email is looking for your credentials: your log-in and password. Once the scammers have your log-in and password, they can then access confidential information like your credit card information, address, and birthday. They can also use your email and password combination to try to access your accounts on other websites since many people re-use the same passwords across multiple sites.
It is also increasingly common to receive extortion emails. A common one was sent to my friend recently. The email told her that they had filmed her “enjoying” an adult video site and that, if she didn’t want them to publicly post the film of her pleasuring herself to the videos, she needed to send them money.
Fortunately, my friend is smart enough that she didn’t fall for it. Knowing that she had not visited any adult video sites and that her laptop camera was blacked out also helped. However, for many people, an email like that might have seemed more ominous.
The benefit of this one to the scammers is obvious. If you received this email and you had recently enjoyed such a site, you might be tempted to send the scammers $1,000 to make sure they didn’t publicly embarrass you.
Installing malware is also a goal of many internet thieves. Malware can do everything from harvesting your private information (log-ins, passwords, credit card numbers) to hijacking your computer to use it for stealing from others or launching data breach attacks on big companies.
Is phishing really that big of a deal?
Phishing is a huge problem for all of us, and getting worse every year.
An estimated 4% of all emails are phishing attempts. In March 2020 alone, over 60,000 phishing sites were reported to cybersecurity experts.
Microsoft found in 2019 that phishing emails had increased 250% in one year.
I believe it. I have received twelve phishing emails in the last two days. Almost all of them purported to be from either Paypal or Apple.
Cybersecurity company Avanan reports the two most popular brands phishers attempt to impersonate are Microsoft and Amazon. Paypal and Apple are also popular targets of scammers.
Chances are good you have received one or more phishing emails in the last month that, at first glance, appeared to be from one of these four major companies.
That makes sense when you think about it. Most of us have a relationship with one or more of these services, which makes us more likely to believe that we are being contacted by the company. All the scammers need is for someone to be fooled by their look-alike emails, or to not be paying close attention, and they have got you. Throw enough darts and one of them is bound to hit a bullseye.
Banks and credit card companies also frequently appear in these fraudulent email messages. If you send enough emails pretending to be from Wells Fargo, sooner or later you are bound to hit the email of someone who is actually a Wells Fargo customer.
Other popular options for impersonation include the IRS, the Social Security Administration, and insurance companies. Again, it’s about the likelihood of reaching an actual customer who will be fooled.
How can we protect ourselves from being scammed?
Here are some tips from security experts on how to reduce your chances of being a victim:
1. Never respond to these phishing attempts. It might be tempting to mess with the scammers, but your response only confirms your information and lets them know they have a working email address. That increases your risk.
2. Verify the sender before you open any message. Look carefully at the name and the email address to see if it looks legitimate.
3. Forward the email to your email provider or use the “Report phishing” option in your email menu.
4. Forward the email to the company that they are impersonating so they can report it and investigate it. If you look on the company’s website, they will likely have a dedicated email to receive complaints of phishing and spoofing.
5. If the email tells you that your password has been compromised or you need to verify something, close the email and go directly to the company’s webpage and log in to see if there are any requested updates to your information. Do this even if you are pretty certain the email is legitimate. Spoiler alert: it likely is not.
6. Never click on any links, downloads, or attachments in the emails no matter how real they look. You may be curious about what they are up to, but clicking on these links will only cause you headaches.
7. If the email is attempting to extort money from you, don’t panic. They are almost always using generic information and betting that it will just coincidentally apply to you.
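The sender check in tip 2, together with the first and third warning signs from the Paypal email above, can be automated in a mailbox filter. The Python below is an added example, not part of the original article; the brand-to-domain map, the wording pattern, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> sending-domain map (illustrative; real brands use several domains).
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "apple": {"apple.com"},
                 "microsoft": {"microsoft.com"}, "amazon": {"amazon.com"}}
# Assumed pattern for "give us your log-in" wording; "your?" tolerates the typo "you".
CREDENTIAL_ASK = re.compile(
    r"\b(enter|confirm|verify|update)\s+(your?\s+)?(log-?in|password|credentials)\b", re.I)


def domain_matches(domain, allowed):
    """True only for an allowed domain or a real subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def red_flags(raw_message):
    """Return the article's warning signs found in one raw email (RFC 5322 text)."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    claimed = f"{display_name} {msg.get('Subject', '')}".lower()
    flags = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Brand named in the display name or subject, but the address is elsewhere.
        if re.search(rf"\b{brand}\b", claimed) and not domain_matches(domain, allowed):
            flags.append(f"sender-mismatch:{brand}")
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    if CREDENTIAL_ASK.search(body):
        flags.append("asks-for-credentials")
    # An empty list is not proof of legitimacy: the From header can be forged.
    return flags


# Constructed samples. The first uses a look-alike domain that merely starts with
# "paypal.com"; the second is a subdomain of the assumed paypal.com entry.
PHISH = ('From: "PayPal Support" <service@paypal.com.account-check.example>\n'
         "Subject: Your account is on hold\n\n"
         "You Paypal account is on hold. Enter you log-in here.\n")
LEGIT = ('From: "PayPal" <service@mail.paypal.com>\n'
         "Subject: Your monthly statement\n\n"
         "Your statement is ready. Sign in the way you normally do.\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, red_flags(raw))
```

Comparing the whole domain suffix, rather than searching for the brand name anywhere in the address, is what catches look-alike senders whose address only begins with the real domain.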
With COVID stimulus checks coming out, the scammers will be even more interested in separating you from your money. Major shopping holidays like Christmas and Valentine’s Day will also encourage the scammers to flood you with phony emails.
Stay vigilant — pay attention, be suspicious, and when in doubt, delete!