The Common Characteristics of Phishing: Recognizing the Bait Before You Bite
Most experienced Internet users believe they can recognize email phishing ploys and probably feel confident that they will not “take the bait” by erroneously clicking on a malicious email. Meanwhile, the U.S. Justice Department reports that in 2010, 8.6 million families in the U.S. had at least one person over the age of 12 who experienced identity theft. Further, in the first quarter of 2012 the international industrial law enforcement group APWG (Anti-Phishing Working Group) reported that 392 brands were targeted by phishers and hijacked. This number represented an all time high.
Despite sophisticated prevention software, individuals and business owners must pay special attention to phishing tactics that entice individuals and even younger (or senior) household members to divulge personal information.
Here are some tips to remember for avoiding some of the more common phishing tactics:
1. Understand and Be Aware of the Many Facets of Phishing
With identity theft on the rise, business owners and heads of households may want to invest in specific training to educate employees and family members about Internet and data security. Phishing typically involves an email message, instant message (IM), or pop-up window enticing the viewer to click on a link. This link may contain malware specifically designed to steal identity-related information from the user directly or by obtaining access to certain computer files or personal information. Some common schemes and scams that may use phishing techniques include the following:
- Email that looks like it is from a legitimate source (bank, utility company, credit card company, etc.). Users enter personal information only to find out later that the inquiry was phony.
- Instant message from a person whose name is like someone you know. Users respond to a series of questions that may appear like a trivia game or which may include personal queries like a mother’s maiden name.
- Unsolicited email about a business opportunity. User enters “pre-qualifying” information and then find out the “opportunity” was bogus.
- Work at home or health/diet email messages with links attached. Similar to the work at home scheme.
- “Guaranteed” lines of credit. These can appear extremely legitimate and consumers enter personal data and then find their accounts compromised.
- Links or attachments regarding “putting your computer to work for you” are similar to the work at home scam.
- “Urgent” email asking for money for a friend traveling abroad. Users enter banking information only to find out the email was actually from cyber criminals.
Because many of the phishing schemes may mimic legitimate communication quite convincingly, the unsuspecting victim may click on the link and give out their information only to find out months later that the site was fraudulent. In addition, as more and more children use computers while unsupervised and senior adults are using computers more; these two vulnerable groups are currently major targets for cyber crimes.
2. Invest in Education, Protection, and Monitoring
On the home front, educating family members about cyber-security is more important now than ever before. Monitoring credit reports is one way to keep an eye out for identity theft. Because most identity theft can be traced back to a breach related to a social security number, credit or debit card, or bank account number, it is essential to protect these items with aggressive vigilance.
In a world where most consumers partake in Internet banking in some form or other, here are some points to keep in mind related to Internet use of banking information:
- Always use a secure Internet connection to conduct banking.
- Be sure firewall software is up to date.
- Check that spam filters are installed.
- Set anti-virus software to do routine checks.
- Never open unsolicited attachments.
- Do not click on a link in an email from a “bank” until you verify through a phone call or other means that the communication is legitimate.
3. Know What to Do if you Suspect Phishing Activity
Eventually, most Internet users will end up clicking on a link or providing some information electronically only to think twice about it later. Children and older adults need to feel comfortable telling the head of household if this happens, so always encourage open communication in this regard. As a business owner or head of household, here are some tips to help combat possible phishing attacks:
- Contact the legitimate bank or credit card company to make them aware of the problem and ask for a replacement card.
- Register with an identity theft monitoring company and have them monitor your identity for a year (or longer).
- Go back over email communication to be sure all compromised accounts were checked.
- Review and stay current on safe Internet usage.
- Report the incident.
US-CERT (United States Computer Emergency Readiness Team) is the Homeland Security division that handles computer-related threats. Their website is a thorough resource for learning more about phishing tactics and other spam and scams that fool users every day. They urge citizens to report phishing and other attacks on identity theft through their website.
While no one is 100% free from the threat of identity theft, there are a number of effective steps consumers and business owners can take to lessen the odds of becoming a victim of this cyber crime. Understanding current threats, monitoring communication, and reporting suspicious Internet communication are all important aspects of keeping cyberspace safe for the honest majority of Internet users around the world.
These tips were submitted by Joe Schembri, Villanova University’s information security training courses. Villanova University helps trains federal professionals as well as those who work in the private sector to defend against today’s cyber threats.