We’ve all seen the headlines – it seems each week, there’s another major corporation or celebrity that has had a security breach, where photos, email addresses or credit card information is stolen by some group you haven’t heard of. You briefly wonder if you’re affected, you might make a joke about “the types of people who fall for those scams”, then figure you’ll get an email, a letter, or a phone call from your bank telling you that they’ve given you another year of Identity Theft protection for the trouble, and you move on with your life.
Unfortunately, those “scams” are getting more sophisticated each day. You may not think a scammer finds you interesting enough to go after, but even if your iCloud photos are “vanilla” and your bank account isn’t much to look at, your contact list is priceless. By harvesting email addresses, phone numbers and any other identifying information you may have on a person (birthday lists, anyone?), a hacker can get to the “big fish” that much more easily. Think 6 degrees of Kevin Bacon – how many degrees away are you from someone or something that is really valuable? Are you willing to risk the safety of your friends, your family, or your business?
Phishing attempts come in all shapes and sizes. Here are some of the most common that we’ve seen:
Scammers can usually be spotted by poor grammar, spelling and punctuation. If you notice mistakes in an email, it might be a phishing attempt. (Real companies have marketing people that proofread mass emails before they are sent out.)
If you are suspicious about a link in an email, don’t immediately click on it. Hover over the link, or right-click and copy/paste it into a browser. This will prevent you from opening any suspicious links directly, and also allow you to see if the link matches what is presented. Some legitimate sites will add tracking codes, so what you’re looking for is the domain (http://roceteer.com, for example, as opposed to http://imascammer.wordpress.org.com).
Links might also lead you to .exe files or .dmg files. If you are not expecting to download a file from a link, this could be an attempt by a scammer to install a virus.
Scammers often use threats that your security has been compromised. This will generally follow a legitimate report of a security breach from a major company, but take you to a site that is not legitimate to gain your information.
Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows.
Scammers also use web addresses that resemble the names of well-known companies but are slightly altered (http://rocteer.com, for example).
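The two link checks described above (does the real destination match what the email shows, and is the domain a near miss of the one you expect) can be automated. This is an added example, not code from the original post; it assumes roceteer.com is the trusted domain and runs over a constructed sample message body.

```python
import re
from urllib.parse import urlparse

TRUSTED = "roceteer.com"  # the domain the email claims to come from

def registrable_domain(host):
    # Keep only the last two labels: "imascammer.wordpress.org.com" is a host
    # under "org.com", not under "wordpress.org". (Simplification: ignores
    # two-part public suffixes such as co.uk.)
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance; a one- or two-letter typo domain scores 1 or 2.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(href, text):
    # Compare where the link really goes with the trusted domain and the shown text.
    domain = registrable_domain(urlparse(href).hostname or "")
    shown = urlparse(text.strip()).hostname if "://" in text else None
    if shown and registrable_domain(shown) != domain:
        return "display-mismatch"  # text shows one site, href goes elsewhere
    if domain == TRUSTED:
        return "ok"                # tracking parameters in the path are harmless
    if edit_distance(domain, TRUSTED) <= 2:
        return "lookalike"         # e.g. rocteer.com vs roceteer.com
    return "foreign-domain"

# Simple <a href="...">text</a> matcher; enough for a plain message body.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.S | re.I)

def audit_email(html):
    # Returns (href, verdict) for every link in the message body.
    return [(href, classify_link(href, text)) for href, text in ANCHOR.findall(html)]

# Constructed sample message body, not a real email.
SAMPLE_EMAIL = """
<a href="http://roceteer.com/login?utm_source=newsletter">Sign in</a>
<a href="http://imascammer.wordpress.org.com/reset">http://roceteer.com/reset</a>
<a href="http://rocteer.com/verify">Verify your account</a>
"""
```

Running `audit_email(SAMPLE_EMAIL)` marks the first link ok despite its tracking code, the second as a display mismatch, and the third as a lookalike domain.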
And with social media’s popularity, one very common scam is unfortunately that people you do not know will become your “Friend” to gain information about you. As you talk on Facebook about the good old days of where you grew up, the places you’ve lived, when you got married, who was your best man at your wedding (for example), your birthday, your anniversary, your favorite book, your favorite teacher – all of these things coupled with the email address they already have can get them into literally any account on the internet and have them steal your identity.
Scammers might also call you on the phone and offer to help solve your computer problems or sell you an add-on to something you already have, such as a warranty for your car or “credit card insurance”. Once they’ve gained your trust, the scammer might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.
Treat all unsolicited phone calls with skepticism. Do not provide any personal information. If you are being threatened with immediate arrest (a common phishing tactic) on the phone, hang up and report the incident to TIGTA online or at 800-366-4484.
What can you do to prevent this?
The first thing you can do is to turn on two-factor authentication wherever it is available, starting with your email provider. The next is to change your passwords everywhere (and don’t reuse them) by using a password manager such as 1Password or LastPass.
After that, we need to change the way we think about passwords and authentication. Companies like Launchkey are already at the forefront of this. Together, we can beat the scammers.
If you think you have been a victim of a phishing scam, don’t wait to act. Visit the SEC Phishing page for more info. Report any attempts that appear to be emanating from a particular company to that company. You can reach us at security@roceteer.com if you need help or advice.