Phishing: What to know before you start your online holiday shopping

 

As we head into the holiday season, more and more of us do at least a portion of our holiday gift shopping online. More people shopping online attracts more online criminals. From the beginning, we have all been aware of the Nigerian (419) scam, in which a wealthy foreigner needs help moving millions of dollars from his homeland and promises a hefty percentage of this fortune as a reward for assisting him. Since then, the criminals have become more clever and sophisticated in their ploys to steal from us.

There are two new techniques you should be aware of. One is known as angler phishing and the other as smishing (or SMS phishing). Both have grown dramatically and are a significant threat to consumers.

Angler Phishing

Social media is a great way for people to contact companies about product or service issues. Angler phishing is a trick that criminals are using to get your confidential data by mimicking a company’s legitimate customer support account. Using subtly modified domain names, such as “Apple” vs “App1e” (which in some fonts is indistinguishable), “mobile-paypal.com,” or “ask-company.com,” these criminals monitor Facebook, Twitter and other social media sites for people complaining or asking for help. Then they jump in and offer their assistance, asking for identifying information or providing a link to their fake website.

The best way to protect yourself from angler phishing is always to go to the company’s website first, and follow links from there to the appropriate customer support contacts.
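The lookalike names described above can also be flagged mechanically. This Python check is an added example, not part of the original article: it classifies a domain as official, brand-embedded ("mobile-paypal.com"), or a digit-for-letter homoglyph ("App1e"). The `OFFICIAL` watch list and `SWAPS` table are constructed for illustration, "company" stands in for the article's placeholder, and the last label is naively treated as the TLD.

```python
import re

# Constructed watch list: brand keyword -> official domain (assumption).
OFFICIAL = {"apple": "apple.com", "paypal": "paypal.com", "company": "company.com"}

# Small illustrative subset of digit-for-letter swaps (1->l, 0->o, 3->e, 5->s).
SWAPS = str.maketrans("1035", "loes")


def edit_distance(a, b):
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify(name):
    """Return (verdict, brand) for a domain name or URL."""
    host = re.sub(r"^(https?://)?(www\.)?", "", name.strip().lower()).split("/")[0]
    # Exact official domain, or a genuine subdomain of it, is trusted.
    for brand, domain in OFFICIAL.items():
        if host == domain or host.endswith("." + domain):
            return ("official", brand)
    labels = host.split(".")
    body = labels[:-1] if len(labels) > 1 else labels  # drop the TLD if present
    tokens = [t for label in body for t in re.split(r"[-_]", label) if t]
    for token in tokens:
        for brand in OFFICIAL:
            if token == brand:                       # real brand, wrong domain
                return ("brand-embedded", brand)
            if token.translate(SWAPS) == brand:      # e.g. app1e -> apple
                return ("homoglyph", brand)
            # One-character typo; short brands skipped to limit false positives.
            if len(brand) > 4 and edit_distance(token, brand) == 1:
                return ("typo", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    for sample in ["App1e", "mobile-paypal.com", "ask-company.com",
                   "https://www.paypal.com/signin", "example.org"]:
        print(sample, "->", classify(sample))
```
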

Smishing

Smishing, or SMS phishing, brings the familiar fake ads, contests and bonus offers to your smartphone. The smaller screen, context-specific messages and distracted nature of smartphone usage make it more likely that you will click on one of these. Caller ID spoofing can even add the fraudulent message to an existing thread, or make it look like it is from an official number.

The best way to protect yourself from these scams is to vigilantly delete anything that you did not initiate, or that is not from a known contact. Remember, in most cases, you are not today’s lucky visitor, this is not a real refund offer, your bank or credit card account has not been suspended, and your Apple ID is not expiring. No one needs your user ID, password, Social Security number, or other account details via text or Twitter. That offer that expires in 90 seconds is most likely not real, and anything that is too good to be true, usually is.

Excerpts from Security Magazine: "Phishing: The Scary Clown of Cybersecurity" by Gary Davis