ANDY: The holiday shopping season is upon us and people are getting more spam and emails from sources they are not familiar with. I think a lot of this might be classified as phishing and pose a risk to the receivers. Can you give us a refresher course on what phishing is and how to protect ourselves from it?
CHARLIE: I would be happy to. My remarks today are taken largely from a web site, phishing.org, which is dedicated to just the topics that you asked about: what is phishing and how to protect against it.
What is phishing?
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial loss.
Phishing is commonly done via email with one or more of these features:
- Email from an unusual sender or the sender’s email address is not right
- An offer that is too good to be true
- This deal is only good for a limited time or a limited number of respondents
- Hyperlinks that don’t go where you think they will
- Attachments that are actually viruses or ransomware
On the phishing.org site they have a great illustration of an email where they point out 22 different kinds of social engineering that are commonly used in phishing emails.
ANDY: You’re right…I see these kinds of things in my emails regularly. So what can we do to protect ourselves from phishing attacks?
CHARLIE: First and foremost: Be Vigilant! If something doesn’t look right check it out before you click on it. Some other things you can do include:
- Hover over email addresses or links in emails to be sure they are going where they say they are going…and that it’s where you want to go
- Use a spam filter…and add suspicious emails to the spam filter so they are blocked.
- Browser settings should be changed to prevent fraudulent web sites from opening. (Safe Browsing)
- Change passwords frequently and don’t use one PW for everything.
- Be careful with requests for your password or redirection to sites asking you to change your password. Contact the company directly with a means that you can trust to verify any such requests.
- Verify that a site you are being redirected to has a valid SSL certificate. (The site URL begins with https://)
ANDY: You’re sure right about all the spam coming in during the last week.
CHARLIE: Yes. Much of it is from valid ecommerce sites pitching their products. But you always have to watch what you are clicking on to keep malware or other unwanted software from being downloaded on your machine. As an aside, we see a lot of machines that got several different trial anti-virus programs on them because they were downloaded with some program update. You have to watch the little boxes and clear the unwanted check marks.
ANDY: So the key point today is to be very vigilant when receiving email and when clicking to download software. Make sure you know where it’s coming from, make sure the links are going where they say they are and make sure there’re no boxes checked to download unwanted files.
CHARLIE: And again you can go to the phishing.org web site for more info on what phishing is and how to protect yourself from it.
Or you can go to our web site, pcapp.com to see what we do, to see our blog with more tech tips or to contact us with your questions or requests for PC service and support. That’s www.pcapp.com.
Before your computer’s down, just call Charlie Brown