Black people have a saying “You got caught slippin’.” That is basically what a phishing attack is, catching someone off guard.
Phishing comes at you in many different ways. It can be an email, a text message, a phone call or even in the mail. It could even be a website you visit. It is designed to do one thing and that is get information that can be converted into money. That information can be a social security number, a credit card number or even a phone number. All it requires is for the person to be gullible.
Criminals use social engineering to get you to download malware or to give up information. Malware is software that damages or otherwise infiltrates your computer. Once inside it can do things like steal user names and passwords. How? By installing what is known as a key logger. This malware records everything you type into your keyboard and every site you visit and even your emails, word for word, and sends them to the criminal.
Another facet of social engineering is a person on the phone who coolly talks you into giving up valuable information. They may claim to be from your bank, credit card issuer or someone else you may or may not do business with. Be aware!
Other callers may not be so cool. They may be threatening. Phishing calls may threaten lawsuits, or to have you arrested if you don’t give up money or information. It happens all the time.
Microsoft offers a great article about what a phishing attack may look like but that is just one of many ways an attack could take place.
Phishing attacks can be super sophisticated or incredibly simple. But the bottom line is someone was not aware of what was happening and the results were disastrous. For example the breach at Target stores was the result of an email sent to a vendor who worked on the air conditioners at the stores. The vendor and the stores computer system was linked together. The malware worked its way into the Target Stores system and stole 40 million credit card numbers; all because someone clicked on an email attachment.
So here is some good advice.
If you receive an email attachment, from a friend or co-worker and you don’t expect it or you don’t know who it is from DON’T CLICK ON IT! Call and ask them if they sent it and what is it.
Never ever click on an attachment from a bank!
Never, ever click on a CONFIRM link in an email!
Never ever share email user names and passwords with anybody!
Make a practice of scanning email attachments with a good anti-virus software.
You have to be really alert. Phishing attacks do not discriminate. Attacks can happen to Apple or PC computers. And smartphones are the best possible platform to launch an attack.
Phishing may come in the form of a bogus webpage. There are literally thousands of phony webpages on the web. These are sophisticated copies of banks or other business webpages and look identical to the real thing. But here is the key, check that web address bar. Or use your mouse to hover over the link in the email. Check the web address that appears. Look for something funny in the name. Check the spelling and grammar in the email for mistakes. Does it have a country code at the end like RU or TZ? Is it just a group of numbers that look like this 112.005.45.67? It’s probably a fake. Avoiding a phishing attack requires knowledge, vigilance and a good dose of common sense.
Let me be straight with you; black people know a good job is not easy to come by. So if you have a good job you can kiss it goodbye if you download a virus or malware into the work computer system. Do I need to say more?
Make yourself familiar with the way your bank does business. How do they contact you? Do they use email? Regular mail? Do they call? Set up your own contact methods with them. And never use a phone number or website that appears in an email message. Get to know your banks web address and phone number by heart so you recognize the fakes immediately.
A criminal may call you pretending to be from your bank, credit card issuer or a business. Don’t answer any questions; NONE. A social engineering attack will get you to answer seemingly harmless questions but when combined they add up to good information. That is how identities get stolen. If you get a call like that then it’s you who should be asking the questions.
Here is phishing attacks that have been spreading around the web. An email from the National Institute of Health and Care Excellence (NICE) claims they were sent a sample of your blood and your white blood cell count is low. They suspect you may have cancer. Please print out the test results from the attachment and visit your doctor immediately. Didn’t I tell you not click on email links or attachments!
If you want to see what other phishing attacks are spreading on the web please visit Snopes.com.
And don’t get caught slippin’!