Phishing: Simply, is an attempt by “bad people” to obtain private or personal information from you.
Sounds simple enough to avoid, right?
Well, the “bad people” have to be pretty good to in order to make this effort lucrative. They are extremely convincing, and in some cases indiscernible.
Well, why should I care?
In short: If they gather enough information from you, they can steal almost any digital assets. Considering many of our physical assets (home/car loans, medical records, employment, social security, 401k, etc.) the impact could be almost limitless. Financial loss through internet scams is in the billions of dollars annually – and it starts through a seemingly innocent email.
Let’s first review what it is, and how it would look.
You may have received an email:
“Your password needs to be reset within the next 24 hours – click here to reset it or click here to keep your current password”
The innocent recipient, clicks on the link ( thinking this is an urgent request from their IT department or account provider).
The link will prompt for your password. You enter your password, but, it appears to have failed. You retype your password, and then, you can access your account.
Nothing happened right? WRONG!
At this point, your email address AND password has been obtained by a bad actor. Within hours, the bad actor will have access to all of your email. They will then survey your account and/or begin grabbing your mailbox contents and contacts.
A quick scan of mailbox message contents, and the identification of passwords and/or statements from a bank.. and BAM! They now have their next target – your bank account.. and possibly more.
Once they begin to unravel your internet identity, the amount of damage is unlimited. At some point, they will reuse your password on other accounts which have been linked. Furthermore, they may sell their findings on the dark web.
They can systematically take control over your email accounts, recovery accounts, public records, bank records, etc. They can also begin to send misleading information to your contacts – for example,
Dear SoAndSo,
I am sorry for this odd request. I am stranded in _____ City, in ____, with my family, my wallet was stolen. I need $1000 to buy a ticket home. I will be grateful for anything that can be sent, and will repay you when we return.
Thank you,
… now that the “bad actors” have stolen all of an innocent targets money, and assets, they are now targeting their friends. And again, it could get worse.
Moral of the story?
Don’t become a victim. There is not limit to the extent of damage that could be inflicted – both financially and/or personally (e.g., social media or reputation).
How to not become a victim?
This link from the FTC is a helpful starter:
https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/phishing
Fundamentally, be smart: The below link is also very helpful, and contains some quick easy ways to validate if an email is legitimate or not. Of course, in a corporate environment, always contact your IT department if you feel that you were phished or if you feel that you have been compromised.
https://www.itgovernance.co.uk/blog/5-ways-to-detect-a-phishing-email
Be very suspicious of messages containing prizes for efforts that you have never been involved.
Stay alert!
If you see unusual activity within your email account, within your accounts – contact IT or support immediately via phone or outside of email. If your email account was compromised, then, an email from your account will tip them off.
If there is unusual activity from friends/family accounts – contact them via a different medium.
If you see something… say something!
Stay safe!