My Confession: You've been misled

Okay, so I've been absent for the last few weeks. I wish I could say it was because of a good reason, but truth be told, I've just been busy, and frankly lazy about writing. Recently though, I was asked if I had interest in writing an article for a local magazine. Of course I said yes. Partly because I'm a glutton for self-promotion, but also because I have a desire to help people learn about security concepts in simple, easily digestible terms. I figured since I was going to be writing anyway, I might as well kill two birds with one stone and write something for the small online audience I have somehow managed to entrance with my wit and nuggets of information. I'm going to make a confession, but first you need to have a little bit of background.

The Internet

At its inception the internet was a way for government researchers to share information. Since those days the internet has evolved into a proverbial powerhouse. It encompasses both leisure and function. Think about how much of our lives rely on the internet: online banking, email and social media have become parts of our everyday lives. Through social media posts, we share updates about our lives, our thoughts and musings, and photos of friends old and new. Videotelephony allows us to visit loved ones separated from us by miles and oceans through video calls. My personal favorite to think about: if you have a cell phone, you literally carry the entirety of human knowledge in your pocket. Think about that for a second. At no other time in human history has knowledge been as accessible as it is today...

Curious about Ancient Germanic pagan rituals? Boom! The internet's got ya. Who knows about the world's largest rubber ducky? Yep, the internet's got that. Pictures of dogs with pots on their heads? Guess who, it's the internet. Do you have a need to know the airspeed velocity of an unladen swallow? Knock knock. Who's there? It's the freaking internet!

The internet's biggest benefits are quickly sharing information and facilitating the innate power of interconnectivity, but that is also its greatest detriment.

Sneak

When you read the title, did you feel a sudden rush of panic, and have a thought like “Oh no, what’s happened”? Did it entice you to read further? Well, the title itself was subterfuge. Not subterfuge out of malice, but as an example. I used the same tactic that cyber criminals will use to try to hook you into a phishing scam. There is undoubtedly an ugly underbelly of the internet, which in truth, is vast in scope. But I only want to highlight one small part here: phishing scams.

Phishing is a form of cybercrime, which involves using deceptive techniques to attempt to gain access to sensitive information, such as usernames, passwords, credit card or bank account details. These types of attacks are initiated through misleading emails, text messages, or websites which initially appear to be legitimate. Not unlike my title, they employ urgent requests, alarming messages, or enticing offers to make the recipient act quickly. That’s the bait they use to set the hook and reel you in.

Phishing emails

By far the most popular method of phishing is through email. The attack starts when you receive an email stating that your password is expiring, or you must confirm your password before your account is deleted. Like my title, phrases that are engaging, panic inducing, and insist that action be taken as soon as possible are used. (see photo)

So how can you detect an online scam? Honestly, I wish it were as easy as just following a checklist. But it also takes a degree of caution and skepticism. I’m still going to give you a checklist though, just in case.

Check the links!

First and foremost, my recommendation is to never click links in emails, unless you can verify the sender, and you know and trust them. If you’ve clicked a link in an email, and it opened a web page asking you to log into your bank account, look at the address bar at the top of the page. It should appear to be related to your bank in some way. The bad guys on the internet are very good at making fakes.

Good: Mybank.com/login

Bad: SC453S.SWoiik.scamm.site.com

If you aren’t sure, navigate to the page another way such as a bookmark, type in the address manually, or perform an online search. That way you can be a bit more confident you aren’t accidentally sharing with the wrong people.
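For readers who like to see the address-bar check spelled out, here it is as a short script. This is an added example, not part of the original article; `TRUSTED_DOMAINS` and `check_link` are made-up names, and the sample addresses in the usage note are constructed. It goes a little past the Good/Bad pair above by also catching two common fakes: a trusted name placed in front of an `@`, and a trusted name buried inside a longer host name.

```python
import re
from urllib.parse import urlsplit

# Assumption: the sites you actually use, listed by the name you expect
# to see at the END of the host part of the address.
TRUSTED_DOMAINS = {"mybank.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (is_trusted, reason), judging a link only by its address."""
    # Text copied from an address bar often has no "https://" in front.
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "https://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:
        return (False, "address could not be parsed")
    if not host:
        return (False, "no host name in the address")
    # "https://mybank.com@other.site/" goes to other.site, not mybank.com.
    if parts.username is not None:
        return (False, "text before '@' is not the site; real host is " + host)
    # "xn--" labels are encoded international names that a browser may
    # display as characters resembling ordinary letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return (False, "encoded (xn--) label can imitate ordinary letters")
    for domain in sorted(trusted):
        # Only the right-hand end of the host decides who owns it.
        if host == domain or host.endswith("." + domain):
            return (True, "host belongs to " + domain)
        if domain in host:
            return (False, domain + " appears in the name, but the host is " + host)
    return (False, "host is not one of your known sites")


if __name__ == "__main__":
    for sample in ("Mybank.com/login", "SC453S.SWoiik.scamm.site.com"):
        print(sample, "->", check_link(sample))
```

The point to take away is that the right-hand end of the host name decides who owns a page, so `mybank.com.scamm.site.com` and `mybank.com@scamm.site.com` both belong to `site.com`, whatever the left side says.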

  • Verify the identity of the other party.
    • Check the email address: does an email from “Microsoft” have a gmail.com address? If so, it’s not legitimate.
    • If you aren’t confident, find another way to contact the organization to verify. Most companies list their phone numbers online or offer online chat.
    • If a phone number is listed in the email, perform a search for that number. If it belongs to that organization, it’ll show up in search results.
  • Review the content.
    • Legitimate organizations generally proof and verify communications before they are sent out. Key indications of a phishing attack are grammatical and spelling errors, and the way it’s written will feel off. Those are signs to proceed with caution; it might not be legitimate.
  • Be Skeptical of Unsolicited Attachments.
    • If you receive an unexpected attachment, especially from an unknown sender, exercise caution. Malicious attachments can contain viruses or malware designed to compromise your device or steal your information. For example, if you aren’t expecting Aunt Barbara to send you a file from a new email address, it’s a good idea to give her a call before opening the attachment to verify.

Look out for unusual behavior from allegedly legitimate organizations.

  • Things a legitimate organization will never do:
    • Request payment in gift cards or Zelle transfers.
      • Never purchase gift cards for someone you’ve never met in person.
      • Never send Zelle payments from your bank to someone you don’t know.
    • Encourage you to not tell anyone about your conversation.
      • This is a red flag. It’s an especially popular tactic with phone scams. If you say you need to call your bank, spouse, child, neighbor, etc. and the person on the phone says no, or if they are trying to convince you to stay on the line, those are signs you should hang up and speak to someone else about the situation because something is not right.
    • If a major corporation calls you out of the blue, and it’s not a normal or expected thing, proceed with caution.
      • For instance, if you get a call from someone claiming to be from Microsoft or Best Buy notifying you that they’ve detected an issue with your device, it’s a scam.
    • Don’t be afraid to ask.
      • The reason some of these scammers are so successful is that they are very good at what they do. There have been times when I have turned to someone for their opinion on an email or website because I just wasn’t sure. It’s better safe than sorry. If you’re ever not sure, it’s okay to ask someone else. Speak with a trusted family member, call your bank, go grab your neighbor and get a second opinion.

Utopia

Look, despite how it might seem, my intention isn’t to scare anyone into swearing off the digital world. The internet itself isn’t inherently good or bad, it just is. There are people using the internet to do terrible and self-serving things, but I choose to focus on those who use it to better the world around them. Platforms like GoFundMe are used to raise funds for charitable initiatives, humanitarian aid, and assist with medical expenses for those less fortunate. Crisis Response and online support groups provide a support network of individuals for those for whom these services would have previously been unobtainable. These examples, and many others, are often overlooked examples of the altruism that the internet makes possible.