We’re talking about phishing scams again.
The latest: online news site The Intercept said it had obtained a classified report purportedly from the NSA that claimed Russian military intelligence conducted a cyberattack targeting at least one supplier of voting software.
The attack involved spear phishing, a targeted attack where local government employees received emails that appeared to be from e-voting vendors containing attached documents with malware.
Spear phishing is different from a standard phishing attack, because the emails appear more personalized.
“Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for,” reads an explainer from Internet security company Norton.
In either case, there are ways users can protect themselves from phishing attempts:
1. BE WARY OF E-MAILS WITH LINK REQUESTS
Very simply, if you see an official-looking communication from Google, Facebook, Amazon or any entity, directing you to take action by clicking a link, don’t.
Click it, and the bad guys can tap into your digital identity and wreak all sorts of havoc.
2. COMPANIES DON’T ASK FOR PASSWORDS IN E-MAILS
Hackers are really good at creating phony e-mails that look like the real thing. But here’s what Facebook says:
The company “will never ask you for your password in an e-mail or send you a password as an attachment.”
The same goes for the IRS, banks and other officials–if you’re under an audit, you’ll be notified by the U.S. mail. You don’t need to sign into an account that’s probably bogus.
3. HOW TO ID A FAKE E-MAIL
Fake e-mails usually look spot on, but there’s usually a typo, a misspelled word, or a contact address that isn’t a google.com or amazon.com home, but instead a webmail address.
And it usually has an address with http:// instead of the more secure HTTPS, which is what the big online firms use. The S stands for secure, by the way.
4. WHAT IF A FRIEND SENDS E-MAIL WITH JUST A LINK?
Be wary, inspect it, ask the friend what the intent was before agreeing to click on the link.
If the e-mail is from a company, and you’re addressed as “sir” or “madam” and not by your name, and you’re also asked to fill out a form, there’s a simple solution: don’t.
5. MOBILE MAKES IT HARDER
In an age where we live on our mobile phones, these fake e-mails are smaller and harder to spot, so you’ll need to be that much more diligent and take the time for inspection.
6. HOW TO RESPOND TO A COMPANY WE TRUST?
Google, Facebook, Amazon, Apple and other companies routinely ask us, via an e-mail, to update our passwords when we’ve forgotten them. Their pages look authentic, and they offer e-mails with links when we ask for a reminder. So why should I click their link when they send it to reset the password?
Because you requested it from the company. (If you’re worried and want to play it safe, skip the click and go straight to the browser. Google, Facebook and many others let you change your password at their .com addresses, by going to the account section and opting for a new password.)
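The warning signs from tips 2, 3 and 4 can also be checked automatically. The following Python sketch is an added example, not part of the original article: the function names, the brand and webmail lists, and the sample message are all constructed for illustration, and the checks are heuristics (an https:// link on its own does not prove a message is genuine).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; extend them for your own mail flow.
WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
BRANDS = {"google": "google.com", "facebook": "facebook.com", "amazon": "amazon.com"}

# Constructed sample message (not a real e-mail).
SAMPLE = """\
From: "Amazon Support" <amazon.support.team@gmail.com>
To: user@example.com
Subject: Action required

Dear Sir or Madam,

Your account is locked. Confirm your password at
http://amazon-account-check.example/login
"""

def body_text(msg):
    """Concatenate the text parts of a plain or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts if p.get_content_maintype() == "text")

def phishing_flags(raw):
    """Return a list of warning strings for a raw e-mail message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = body_text(msg)
    flags = []
    # Tip 3: display name claims a company, address is not at its domain.
    for brand, real in BRANDS.items():
        genuine = domain == real or domain.endswith("." + real)
        if brand in name.lower() and not genuine:
            kind = "webmail" if domain in WEBMAIL else "unrelated"
            flags.append(f"sender claims {brand} but uses {kind} domain {domain}")
    # Tip 3: links that use http:// rather than https://.
    for url in re.findall(r"http://[^\s\"'<>]+", body, re.I):
        flags.append(f"plain-http link: {url}")
    # Tip 4: addressed as "sir" or "madam" instead of by name.
    if re.search(r"\bdear\s+(sir|madam)\b", body, re.I):
        flags.append("generic salutation")
    # Tip 2: a message that talks about your password and carries a link.
    if re.search(r"\bpassword\b", body, re.I) and re.search(r"https?://", body, re.I):
        flags.append("mentions password and contains a link")
    return flags

if __name__ == "__main__":
    for flag in phishing_flags(SAMPLE):
        print("WARNING:", flag)
```
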
Finally, it goes without saying, while we have your attention, that this is a great time to update your passwords with hacker-proof collections of numbers, symbols, upper and lower-case letters. Stay away from hacker favorites like “password,” “123456” or the name of your street.
Experts also recommend really long passwords like isleptunderabedoftunafishinhanaapepehawaiiinaugust2011, but those can be quite a chore to type in frequently. Password managers like Dashlane and 1Password help you keep track of passwords.
By Jefferson Graham, USA TODAY