Receiving an official-looking email warning that the bank will freeze a personal or business checking account unless the personal information is verified is not uncommon. Possibly, the email included a link to a somewhat familiar site. Clicking on the link landed the unsuspecting victim on a website requesting confidential and personal information, such as a bank account number or a Social Security number.
The problem is the emails are not from an actual financial institution. Instead, the emails are the tools scammers wield to harvest personal information and threaten cybersecurity.
These types of emails are examples of phishing, activities that cybercriminals employ to trick people into relinquishing personal information that can then be used to access bank accounts or credit cards. Phishers use multiple channels to conduct their schemes, including email, text, and telephone.
The method is irrelevant. Personal information is the ultimate goal. Every day, countless waves of fake email and text messages are sent out worldwide, hoping to deceive even a few people into handing over sensitive information.
Some phishing emails or texts look unprofessional, use terrible grammar, or request the recipient to click links with strange URLs. Sophistication is not that important. The key is volume. Only a few respondents are required for the scam to be successful.
Computerworld provides a brief overview of the origin and history of phishing, offering insight into the world of the cybercriminal. "The word phishing was coined around 1996 by hackers stealing America Online accounts and passwords. By analogy with the sport of angling, these Internet scammers were using email lures, setting out hooks to 'fish' for passwords and financial data from the 'sea' of Internet users. They knew that although most users wouldn't take the bait, a few likely would. The term was mentioned on the alt.2600 hacker newsgroup in January 1996, but it may have been used earlier in the print journal 2600, The Hacker Quarterly."
The criminal practice dates to the earliest days of the internet. Early on, the efforts proved successful. People were trusting, and they had no reason to be overly suspicious. The origin of the word proves quite interesting. Do not be confused by the spelling.
"Hackers commonly replace the letter f with ph, a nod to the original form of hacking known as phone phreaking. Phreaking was coined by John Draper, aka Captain Crunch, who created the infamous Blue Box that emitted audible tones for hacking telephone systems in the early 1970s. By 1996, hacked accounts were called phish, and by 1997, phish were being traded among hackers as a form of currency — people would routinely trade ten working AOL phish for a piece of hacking software."
How to Recognize a Phishing Expedition
Learn how to recognize phishing scams and resolve never to click on a link in an email or text that seems to be from a bank, credit card provider, or other familiar company.
Warning Signs of Phishing Emails
Modern scammers are very sophisticated. Here are some warning signs.
A generic greeting.
Phishing emails might not be addressed specifically to the recipient. Beware of emails starting with a nonspecific greeting such as "Dear Sir or Madam" or "Dear Account Holder."
Spelling and grammatical errors.
The grammar and spelling of phishing emails have significantly improved over the years, possibly due to technology such as Grammarly. Even so, emails littered with typos and odd or unusual language signal a scam.
A bank asking for account information or other personal financial information.
No financial institution (bank, credit union, credit card company) will ask for a Social Security number, a bank account number, or PIN by email. Do not provide this sensitive information in response to an email.
A call for immediate action.
Phishers press for quick action and do not allow much time for thinking or investigation to validate the email offer or request. They threaten the looming suspension of a bank account or credit card. Never reply to an emergency request. Phishing scams often make urgent demands for action and threaten painful consequences for inaction.
Offers that are too good to be true.
Phishing emails may attempt to hook victims with what appear to be cheap offers for expensive items like smartphones or vacations. The offers may look incredible. Resist the temptation to respond to them. Most likely, the emails are phishing expeditions.
Senders that are unfamiliar.
If the sender is unrecognized, consider deleting the email. If the decision is made to read it, be careful not to download any files or click on links.
Senders look somewhat familiar.
A phishing email might come from a name that is recognized. Beware! The email may have originated from the compromised email account of a known contact, whether family, friend, or business. If the request is for personal information or money, the email is probably bogus.
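The warning signs above can be turned into a first-pass mail triage check. This is an added example, not part of the original article; the phrase lists, the `warning_signs` function, the address book and both sample messages are constructed assumptions, and spelling quality is not checked.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed phrase lists, one per warning sign above; tune before real use.
SIGNS = {
    "generic_greeting": r"^\s*dear\s+(sir or madam|sir|madam|account holder|customer)\b",
    "sensitive_data_request": r"\b(social security number|account number|pin)\b",
    "urgent_action": r"\b(immediately|urgent|within \d+ hours?|suspen\w+|freeze|frozen)\b",
    "too_good_offer": r"\b(prize|you have won|free (smartphone|vacation))\b",
}

def warning_signs(raw_email, known_senders):
    """Return the names of the warning signs found in one raw message."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    found = [name for name, pattern in SIGNS.items()
             if re.search(pattern, text, re.I | re.M)]
    # A familiar sender never clears a message: a known contact's
    # account may itself be compromised, so content checks always run.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in known_senders:
        found.append("unfamiliar_sender")
    return found

KNOWN_SENDERS = {"pat@example.com"}  # hypothetical address book

# Constructed sample messages, not real mail.
PHISH = """\
From: First Example Bank <alerts@bank-example.invalid>
Subject: Account notice

Dear Account Holder,

Your checking account will be frozen within 24 hours unless you verify
your Social Security number and PIN.
"""

FROM_CONTACT = """\
From: Pat <pat@example.com>
Subject: Quick favor

Hi Sam,

Can you email me your bank account number today? I will explain later.
"""
```

The second sample comes from an address in the address book and is still flagged, which is the compromised-contact case the last warning sign describes.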
Four Steps to Avoid Phishing Scams
Avoiding most phishing scams requires some commonsense strategies, self-discipline, and proactive adoption of managed IT solutions.
- Do not open emails that look suspicious.
- Do not click on suspicious links in emails.
- Do not send financial information through email.
- Do not click on pop-up ads.
Proactive IT Management Solutions
Mobile Computer Services, Inc. of Raleigh provides proactive managed IT services that deploy multiple security layers to protect an email system from litigation, spam, phishing scams, malware, and viruses. Dentists, veterinarians, and small businesses should know whether their email system is at risk. If there is any doubt about network security or email vulnerability to phishing scams, ransomware, or viruses, take action today. Speak with a Mobile Computer Services, Inc. specialist to determine if compliance with current laws is an issue. The team can configure an email infrastructure that ensures the continuity of a dental practice, a veterinary clinic, or a small business and that utilizes email as a beneficial business tool.