Computer viruses and identity theft have been staples of Internet use since personal accounts and online payments were possible. Responsible Internet users began to take a number of measures, including looking into payment security, purchasing virus protection, and avoiding pop-ups and unfamiliar downloads. Whether you were aware of the risks involved in Internet use, you can quickly and easily learn some of the most important facts to keep in mind when browsing, downloading, or using an Internet-based service like online banking.
The most obvious security measure is to stick to what you are familiar with. If you do not recognize a domain name or your browser suggests a webpage is not secure, then navigate away from it. But it’s not always that easy; Internet scam artists have kept up with basic security and can now manipulate users by imitating tech that even the most cautious people will trust. For example, have you ever received an email notifying you that your bank account is hacked and then asking you to provide access information? Or ever had a pop-up that looks a lot like a MySpace or Facebook login? This cunning scam is called “phishing,” and criminals have been perfecting it since the Internet’s rise in the ’90s.
What is Phishing?
Phishing is a particularly deceptive and popular scam that attempts to procure usernames, passwords, and other confidential information. Usually phishers try to fool unassuming users with imitation sites or deceptive emails and messages. There are several different categories of phishing:
- Spear Phishing – When phishers collect data on an individual or company, such as browsing trends or purchase histories, in order to increase the likelihood of procuring access information.
- Whaling – When phishers specifically target high profile executives, CEOs, or other particularly wealthy individuals.
- Clone Phishing – When phishers duplicate a received email from an inbox and send it to the recipient again. The new email, described as a re-send or an updated version, usually contains a link to a website infected with malware (software designed to install onto computers from the Internet and gather valuable information or disrupt operation).
While these three categories of phishing are the most popular, phishing can take many forms. When phishing occurs by phone, it is called vishing. Vishing can involve manipulating caller I.D. data and then imitating banks or credit companies. With phishing, the goal is always the same: Attain valuable numbers and information by any means.
When successful, the victim is exposed to a number of risks. They can lose access to their email, bank, or online payment accounts. When this happens, viral phishing can occur, which is when phishers use hacked accounts to find more victims; this is usually done by posting links or sending endorsed emails. After all, a site looks more attractive to a potential victim if it’s recommended by friends or family. In extreme cases, after accessing your accounts, phishers can steal money directly from bank accounts, damage credit scores, even destroy computer hardware.
How It Works
Most Internet phishing techniques depend upon link manipulation and filter evasion.
Link manipulation is when phishers set up malicious websites with URLs that appear familiar. Upon further inspection, however, the URLs are either slightly misspelled or the domain and subdomain are in the wrong place. It’s important to be vigilant about any site you open. Sometimes simply inspecting the URL will do it. Some browsers, like Google Chrome, will display a preview of the destination on the bottom of the browser before you open the page. Choosing a browser that enables link previews can help to facilitate security while browsing.
Filter evasion is even less detectable to most casual Internet users. Typically, email filters are able to detect phishing emails by scanning inboxes for words commonly used among phishers, like “paypal” or “credit card.” Filter evasion is a technique where phishers use images for keywords instead of text. If an email looks suspicious, most browsers can test whether filter evasion is taking place by highlighting questionable text or images. You should make a point of running an email scan on anything unfamiliar. When there’s any doubt, you should report the email to your email service provider, flag the sender and avoid opening any similar emails!
What You Can Do
You are not defenseless against phishing. First, read some accounts of Internet scam victims so you have an idea of the forms phishing can take. Next, stay on top of new phishing scams and techniques used by Internet criminals; new techniques will always crop up.
If you suspect you’ve fallen victim to a phishing scheme, there are several measures to take. If there is any unusual activity on any important account, immediately change the password or PIN. To be safe, consider changing the passwords and PINs on all of your accounts, especially if you use the same password over and over again; directly contact the help department for the compromised service. If you are certain one of your online accounts has been accessed, report the incident to the IC3 (or use the “report” function that many email services now offer) and consider informing your email contacts and credit companies of strange activity.
In the always changing world of online communication, it’s not always necessary, or feasible, to stay on top of every trend. What you need to do, however, is stay on top of your personal security. Avoiding Internet scams is not part of a trend you can ignore; it is a serious consideration for every responsible, financially independent adult. You are not alone; more and more people have scams and Internet crime on their minds. Visiting and revisiting the links found above will help you secure your online information and privacy.