Phishing is an age-old Internet pothole. It’s survived since the early ages of AOL chatrooms for one simple reason: It really works. The setup is simple: A bad guy poses as a trusted entity online to steal your personal information.
Just ask the U.S. government, which we recently learned has adopted phishing techniques to spy on millions of people. It’s probably about time you learn a little about how to avoid getting phished yourself, no?
What is phishing?
Phishing is the online version of being conned. Imagine Leonardo DiCaprio’s character from Catch Me If You Can but less charming. These scammers sit at their computers and pretend to be legitimate trusted companies (like Microsoft or Netflix) as a way of tricking you into handing over personal details like login info, credit card numbers and sometimes even money.
How can it happen to me?
Phishing comes in many forms: emails that seem like they’re from Wells Fargo or Facebook, instant messages or communications from people on popular social networks like Twitter or Facebook. It all starts with a link. Once you click it, you’re redirected to a pharming website that looks identical to whichever company the scammer is posing as. You’re then prompted to enter your login information.
From there, scammers might lure you to other sites or try to trick you into downloading attachments that unleash viruses, keystroke-tracking software or other malware.
I’m pretty sure I’d know if I was being scammed.
You are most certainly an intelligent human being who can smell the stink of a sleazy salesman or a tourist trap. But when it comes to phishing, you might be less savvy than you think. Last year, researchers at North Carolina State University asked a group of 53 undergraduates to distinguish malicious emails from legitimate ones, and nearly everyone in the group failed. Keep in mind that these were students, meaning that they were likely young Internet natives. In other words, scammers are getting just as sophisticated as the people they’re exploiting.
OK, OK. What are a few things I should look out for?
Glad you asked! Here’s the super-simple version:
• Don’t click on hyperlinks in emails from people you don’t know. This piece of advice is a little less obvious than you think. Yes, your mother, husband, sister and aunt are not trying to send you spam. But that doesn’t mean that their email accounts aren’t vulnerable to being hacked. So always make sure to hover your mouse over the linked phrase in question. Usually the address of the item will pop up in a gray box at the bottom-left corner of your browser. If it doesn’t look familiar, steer clear.
Also, smartphone operating systems are currently much less vulnerable than those of your computer. So if you’re unsure about something, try opening it on your mobile device (Apple products are usually less vulnerable to viruses). This might protect you from getting malware, but if you start typing in your bank account number on a phony site, you’re still in a world of trouble.
• Verify your web URLs. Whenever you visit a site that requires you to enter sensitive information (credit card numbers, your Social Security number or other financial information), check the URL in your browser’s address bar. It should show “https://” rather than “http://,” and usually a secure connection is displayed with a little padlock image. You can double-click the padlock to see the security info that lets your browser verify that the site you’re connecting to is what you think it is. SSL stands for Secure Sockets Layer. It keeps all the communication between your browser and your websites’ servers private and secure.
• Just completely ignore pop-up windows. Pop-up windows are inherently sketchy because without a bar that displays a site’s URL, you can’t actually verify that it’s a secure site. So don’t enter your sensitive info into one, and always make sure to click the X in the top corner of the box to get rid of them. Clicking the Cancel button can sometimes send you to a link, or automatically install malware.
• Look out for weirdly formal language. Modern companies don’t usually write royal English or handpick their customers to receive thousands of dollars. If anyone calls you “Sir or Madame” in an email and she’s not the Dowager Countess from Downton Abbey, it’s probably a scam.
Do I have to, like, download some software?
Yeah, that’d be a good idea.
• First and foremost, you should get antivirus software that will help protect you from bad stuff floating around online. The type you should choose depends entirely on your operating system. Here’s a good resource for PC owners. And if you don’t want to spend any money, this is a legit list of free services. Whatever you choose, make sure to keep it up to date. Your web browser is much more susceptible to a hijacking if your security software goes stale.
• Anti-spam software isn’t essential, but it lowers your chances of falling victim to a phishing attack, since many of them come in spam form. PC Mag has an extensive list here. And many browsers provide add-ons that help protect your computer. Chrome, for instance, has a free AdBlock extension. So does Firefox.
• And then there’s anti-spyware software. Unlike malware, which is intended to damage or disable your computer system, spyware infiltrates your hard drive to collect information. This is something that Windows owners, above all others, must be cautious of. Here’s a list of free anti-spyware software that can prevent the problem before it happens.
This is really overwhelming.
I feel you. And this is the simple version.
Why can’t companies just make products more secure from the get-go?
You’re not alone in asking that! Former NSA contractor and whistleblower Edward Snowden said he thinks they should, too, at South by Southwest this week.