How could Phishing possibly work?

Is phishing such a successful scam because there are so many brilliant crooks out there? Or is it because there are so many not-so-bright people out there? Well, it’s fair to point out that many phishing e-mails look very legitimate and fool intelligent, professional people, while others are just so obviously a scam and you wonder how anyone can fall for them.

Researchers from Harvard University and UC Berkeley found that phishing sites fooled 90 percent of the study subjects.

These phony sites do look real…but the whole objective is to avoid visiting them in the first place! You won’t have to worry about whether a site is real if you never get suckered into visiting it.

Why do sophisticated users fall for phishing attacks?

  • They lack knowledge of red flags. For instance, a few typos are a red flag, but since even doctors have been known to misspell words, the user might simply think, “Gee, who proofreads their memos?” and then click on the malicious link…
  • A subtle difference in the characters of the domain name (typejacking) can fool a non-observant person.
  • Preying on emotions. People’s guards are down when they are emotionally charged up. For example, phishing scams surfaced in response to the great tsunami in Southeast Asia. E-mails lured people to fake donation sites. Hacksters really hopped on the Katrina disaster, sending e-mails for non-existent jobs.
  • Domain names can fool some people because they sound legitimate, such as katrinahelp.com.
  • Imagine someone seeing photos of ravaged towns in the e-mail, then clicking on a link that brings them to a site with more alarming photos, then instructions on how to make a donation using a credit card.
  • Imagine someone filling out an online form to apply for work as a hurricane relief helper—giving out enough information to the scammer to open up a line of credit in that person’s name.

Warning Signs of Phishing E-mails

  • Subject lines with exclamation points, threats or notifications you’ve won money.
  • Subject lines of some new weight loss drug or erectile dysfunction miracle potion.
  • Oddball subject lines like “Get back to me,” or “Job opening for you,” or “Hello.”
  • E-mails requesting any kind of personal information like passwords, bank account information and home address.
  • Your name is nowhere in the message. It’s addressed to “Customer” or some other vague term.
  • Typos. This includes incorrect punctuation, extra spaces in between words and incorrect subject-verb agreement.
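The warning signs above, plus the look-alike domain trick (typejacking) mentioned earlier, can be written down as a triage checklist that runs over a message. This is an added example, not code from the original post: the trusted-domain allow-list, the confusable-character table and the two sample messages are constructed for illustration.

```python
import re

# Look-alike characters folded to the ASCII letter they imitate (Cyrillic and
# digit confusables). Constructed, illustrative table, not an exhaustive list.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0131": "i", "0": "o", "1": "l"})
TRUSTED_DOMAINS = {"example-bank.com", "example.org"}  # assumed allow-list

ALARM_SUBJECT = re.compile(r"!|\b(won|winner|suspended|verify|urgent)\b", re.I)
ODDBALL_SUBJECTS = {"get back to me", "job opening for you", "hello"}
PERSONAL_INFO = re.compile(r"\b(password|bank account|account number|home address)\b", re.I)
GENERIC_GREETING = re.compile(r"^\s*(dear\s+)?(customer|user|member|account holder)\b", re.I)

def lookalike_domain(domain):
    """Return the trusted domain that `domain` imitates once confusables are folded, else None."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None  # the genuine domain is not a look-alike of itself
    folded = domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")
    return folded if folded in TRUSTED_DOMAINS else None

def phishing_indicators(msg):
    """Apply the warning signs to one message dict; each hit is a human-readable reason."""
    hits, subject, body = [], msg["subject"], msg["body"]
    if ALARM_SUBJECT.search(subject):
        hits.append("subject uses exclamation, threat or prize language")
    if subject.strip().lower().rstrip(".!") in ODDBALL_SUBJECTS:
        hits.append("oddball subject line")
    if PERSONAL_INFO.search(body):
        hits.append("asks for personal information")
    if GENERIC_GREETING.search(body):
        hits.append("recipient not named, generic greeting")
    if re.search(r"\S {2,}\S", body):
        hits.append("extra spaces between words")
    sender_domain = msg["from"].rsplit("@", 1)[-1].rstrip(">")
    for host in [sender_domain] + re.findall(r"https?://([^/\s]+)", body):
        target = lookalike_domain(host)
        if target:
            hits.append(f"{host} imitates {target}")
    return hits

# Constructed samples; the phish's sender and link domains spell "example" with Cyrillic U+0430.
SAMPLE_PHISH = {"from": "security@ex\u0430mple-bank.com",
                "subject": "Your account has been suspended!",
                "body": "Dear Customer,\n\nConfirm your  password at http://ex\u0430mple-bank.com/verify"}
SAMPLE_LEGIT = {"from": "alice@example.org", "subject": "Notes from Tuesday",
                "body": "Hi Bob,\n\nHere are the notes we discussed. Cheers, Alice"}
```

Running `phishing_indicators(SAMPLE_PHISH)` reports five of the six warning signs and flags the sender and link domains as imitations of example-bank.com, while the ordinary message from a colleague produces no hits.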

What to Do

  • Do you know your contacts well enough to know what’s normal and what’s not normal for them as far as e-mail correspondence? Would your grandmother send you a link to a video of an elephant crushing a keeper?
  • Some phishing e-mails contain malments—malicious attachments. These will download a virus when opened. If someone you’ve had very little contact with suddenly sends you an attachment, assume it’s a malment and delete the message.
  • Just because you recognize the sender’s address doesn’t mean it’s a legitimate link or attachment. Hackers have gotten into people’s address books, and that’s why they can send you a scam e-mail with a familiar sender address.
  • Even if the sender address seems to have come from a reputable business, do not click any links or open any attachments.
  • Never fill out any forms inside an e-mail.
  • Make sure your browser is always up-to-date.
  • Use the anti-phishing protection offered by Internet Explorer, Chrome and Firefox.

You can become phish food and not know it, so regularly check your bank and card statements for unfamiliar purchases, even tiny ones (identity thieves sometimes start out small).