Let’s go on a Phishing Expedition Pt. I

Who needs a gun to rob a bank when you can use a mouse?

Banks have always been the target of robbers, and some of the biggest heists have been carried out by thieves who never even set foot inside the institution: hackers. These techy bank robbers are known as phishers. They particularly target small, regional banks, as well as their customers.

Phishers can work in solitude or as part of complex rings, usually from Russia.

Phishing is incredibly easy to pull off. With phishing campaigns, cyber thieves trick people, including highly educated ones, into typing sensitive data into a login field or other field: credit card number, Social Security number, bank account number, phone number, password, username—anything goes. Cybercrooks use this data in many ways to steal money, including identity theft.

Phishing Explained

Phishing refers to a type of e-mail—one sent by the cyber robber. In a common format, the e-mail’s subject line lures the recipient into opening the message, such as “Your PayPal Account Is About to Be Suspended.” And if, as is quite likely, the recipient has a PayPal account, he will often open this e-mail.

There’s a brief message explaining something about account suspension, and that to prevent this, the recipient must log into the account and verify something or other. Below the message is a link to PayPal to log in.

The recipient clicks the link; it takes them to a site that looks like PayPal. They type in their login data—which the sender of the e-mail, the thief, will get. Say you have $5,000 in your PayPal account. The thief now has your PayPal e-mail and password…

The e-mail may prey upon other emotions rather than fear, such as by claiming to be from a reputable charity.

The thief may play on other kinds of psychological dynamics, such as structuring the message to appear as if it came from the recipient’s medical coverage carrier or UPS.

At any given time, many people are awaiting a UPS delivery or are signed on with the major health plan carrier that the cybercrook is spoofing. At any given time, some segment of the population owes back taxes—and some of these people will respond to phishing e-mails spoofed to appear as if they came from the IRS.

It’s called social engineering: tricking people into behaving a certain way without them knowing. They are lured to the malicious website where they enter sensitive data.

Another form of phishing is when just clicking on the link will download a virus. Yet a third form of phishing is when there’s an attachment that, when clicked on, will download a virus. It’s so easy to lure thousands of people into clicking on an attachment that appears to be from your bank, employer, medical carrier, even someone you know (yes, phishers can make e-mails look like they came from someone you know).

Warning Signs of Phishing E-mails

  • Instead of addressing you by name it says “Dear Customer” or something like that.
  • A request for personal financial information or a password, credit card number, etc.
  • The subject line is dramatic; contains words like warning, suspended, deactivated and prize. Or, the topic is unexpected, such as “You gotta see these pictures!”
  • Typos, and especially really poor sentence composition and spelling.
  • Unfamiliar sender address, though phishers often make the address appear as if it’s from a major company or the IRS, etc.
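
Several of these warning signs can be checked mechanically before a message reaches a reader. The following is an added example, not part of the original article: a small Python filter that tests a message for four of the signs listed above. The brand allow-list, the extra greeting words and the sample message are constructed assumptions, and the sender check is one interpretation of the last sign (a display name that claims a brand whose domain the address is not on).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Words the article lists as typical of dramatic subject lines.
SUBJECT_WORDS = {"warning", "suspended", "deactivated", "prize"}
# "Dear Customer" or something like that (extra nouns are assumptions).
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|member|client)\b", re.I | re.M)
SENSITIVE_REQUEST = re.compile(
    r"\b(password|credit card number|social security number|bank account number)\b", re.I)
# Constructed allow-list: brand name -> domain that brand really sends from.
KNOWN_BRANDS = {"paypal": "paypal.com"}

def warning_signs(raw_message):
    """Return the warning signs found in one raw e-mail message (headers + body)."""
    msg = message_from_string(raw_message)
    # Join all plain-text parts; transfer encodings are not decoded here.
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    signs = []
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    if SENSITIVE_REQUEST.search(body):
        signs.append("asks for sensitive data")
    subject_tokens = set(re.findall(r"[a-z]+", (msg["Subject"] or "").lower()))
    if subject_tokens & SUBJECT_WORDS:
        signs.append("dramatic subject")
    display, address = parseaddr(msg["From"] or "")
    domain = address.rpartition("@")[2].lower()
    for brand, real_domain in KNOWN_BRANDS.items():
        # Display name claims the brand, but the address is not on its domain.
        on_brand = domain == real_domain or domain.endswith("." + real_domain)
        if brand in display.lower() and not on_brand:
            signs.append("sender name does not match address")
    return signs

# Constructed sample message (not a real e-mail).
SAMPLE = """\
From: PayPal Support <service@paypal-accounts.example>
To: someone@example.org
Subject: Your PayPal Account Is About to Be Suspended

Dear Customer,

To prevent suspension, log in and confirm your password.
"""

if __name__ == "__main__":
    for sign in warning_signs(SAMPLE):
        print("warning sign:", sign)
```

A message that trips none of these checks is not thereby safe; the filter covers only the signs that can be matched on text, not typos or poor composition.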

Solutions

  • It’s simple: delete, without opening, e-mails that have ridiculous subject lines.
  • If the message seems like it really is from your bank or employer, do NOT click the link. Call the outfit first.
  • Use your browser’s anti-phishing protection.
  • Never enter private information in a form inside the e-mail.
  • Keep your browser up to date; never put off installing updates.
  • Routinely check your bank and card statements for any suspicious activity, and report it immediately.