scams, Almost Secure Blog, phishing

Phight Back Against Phishing

You know what I'm talking about - the email asking you about an invoice for something you didn't really buy, the vague but great offer, the robotic voicemail telling you that you owe money to the IRS. At the end of the day, you can protect yourself against phishing by learning to spot scams.

What do they want from me?

In general, phishing is the attempt to obtain information from you - think usernames, passwords, social security numbers, credit card numbers, etc. The phishers disguise themselves as someone you trust, such as your bank. They will then use the info you give them to gain access to your online accounts. Just think of phishing as a scheme to get you to hand over information, so the perp can steal something tanglible from you (usually money!).

So, is this the "hacking" I hear so much about?

Not really. Phishing is less a technical break-in, and more a crime of manipulation. It's like a thief getting you to hand over the code to your safe instead of going through the trouble of hiring a professional safe-cracker.

How can I protect myself?

The most important thing you can do it to be skeptical. If an offer sounds too good to be true on the internet, then it is. I'm serious - if the offer is too good, you should ignore it. If you try to sell a car on craigslist and you quickly get an offer to buy it for more than the asking price, don't even bother responding. Start treating things on a internet with a little side-eye.

Or, if the communication is scary (This is the IRS! You owe us money!), take a deep breath. If the voicemail contains a phone number, do not call that number. Instead, google "IRS contact information" and then call that number instead. You should always independently verify the contact information. Otherwise, you might just be clicking on a link that takes you to stealallyourmoney.com

Remember, legitimate companies will never send you an email requesting a password. If you receive an email requesting password information, delete it. Also, watch out for online quizzes that ask questions like "what was the name of your high school?" and "what was the name of your first pet?" Do you recognize those questions? They're commonly used as security questions that allow you to reset passwords in online accounts. Don't make things easier for the criminals out there.

The goal here isn't to make you paranoid. It's just to remind you that your information in valuable! Stop and think about the why behind online offers or requests for information. If the reason seems phishy to you, toss that request overboard.

Author image

About reggie

Security specialist who loves falling down arcane Wikipedia rabbit-holes. CISSP and a Masters in Information Technology w/ concentration in security. She tells herself that she done with school.