Friday, January 11, 2013

Most Scammers Would Rather Be Phishing

I am one of those people who thinks, "Who would fall for that?" when it comes to phishing scams. For example, I received this text message not too long ago. Really, I just won a $1000 Best Buy Gift Card?? I don't even recollect filling anything out to submit my name into the drawing. Plus, I have never won anything, so this is definitely a scam.
My wife was looking over my shoulder as I was inserting the above picture for this post and she kind of chuckled. I asked her what was so funny and she said that she received a text like that a couple of months ago that stated she won something from Wal-Mart. I said, "You deleted it, right?" She said, "No, I clicked on the link and it brought me to this weird website. After that I closed out of it, but this weird $10.00 charge ended up on our cellphone bill after that. I had to call them and they ended up removing the charge." I couldn't believe what I was hearing. Of all the people, my wife fell for the obvious phishing scam. I just consider myself lucky this time.
 
The whole situation made me think about the effectiveness of phishing. According to scambusters.org, phishing scams are on the rise. This is probably because they are easy for scammers to employ and they are effective, but just how effective are they? Statistics on it are scarce, which may be because it is difficult to retrieve data on a phishing scam after it has been uncovered. However, Bortnik (2011), an Awareness & Research Coordinator at ESET Latinoamerica, reported in his blog that his organization researched a phishing attack that lasted just over five hours. The brief phishing scam resulted in 164 people accessing the site, with 35 of them entering their credit card information (http://blog.eset.com/2011/01/26/inside-a-phishing-attack-35-credit-cards-in-5-hours). I consider that to be an effective phishing scam in my book. Another statistic provided by http://www.phishing.org states, "the cost of phishing is nearly $500 million per year in the United States alone." Now that is a lot of money and proves that phishing is very effective.
 
So what is phishing and what can you do to prevent yourself from becoming a victim? Phishing is a method that attackers use to try to get people to provide their sensitive information. They can carry it out through different channels, such as email or phone. In addition, attackers are also employing their phishing attacks on mobile devices, since those are growing rapidly in use and popularity.
 
Surprisingly, phishing attacks are easy to defend against even though they are becoming more sophisticated. If you practice the following techniques provided by http://www.phishing.org, then you will decrease your chances of becoming a victim of a phishing attack:
 
1. Check email carefully: look for errors and investigate the information.  One way to investigate the information is by calling the organization stated in the email directly.  However, do not use the phone number in the email if provided.  It could be another trick.
 
2. Never provide private information: many emails will ask for your private information after you click on a link in the message.  Never provide information when prompted to after clicking a link in an email.
 
3. Identify fake phone numbers: phishing attacks over phones may disguise their phone number.  Try to identify if it is fake or not.  When in doubt, don't relinquish any private information.  I personally never provide any information unless I initiate the call to the organization.
 
4. Use firewalls and antivirus: firewalls and antivirus will aid in preventing and/or identifying phishing attacks when configured correctly and updated regularly.
 
5. Never send private information in an email: there is no telling who may end up with private information you send in an email.  The best practice is to just not do it.
 
6. Check your finances regularly:  this will allow you to identify and dispute any discrepancies shortly after they occur.
 
7. Never download files from unreliable sources: if you have any doubt at all as to the legitimacy of an email or website, then don't download any files from the source.
 
Phishing scams are effective, and therefore I think they will remain a method that attackers are going to continue to employ. Thankfully, there are ways to combat their ploys. Practice the above suggestions and you will lessen your chances of becoming a victim. Thanks for reading and look for my next post sometime next week.
 
Resources
 
Bortnik, S. (2011, January 26). Inside a phishing attack: 35 credit cards in 5 hours [Blog post]. Retrieved from ESET Threat Blog: http://blog.eset.com/2011/01/26/inside-a-phishing-attack-35-credit-cards-in-5-hours
 
How to prevent phishing scams. (n.d.). Retrieved January 11, 2013, from http://www.phishing.org/
 
Phishing scams: How you can protect yourself. (n.d.). Retrieved January 11, 2013, from http://www.scambusters.org/phishing.html
