16 August, 2021
Phishing, is it really that big of a threat? Can a scammer really get much data from me? What is phishing anyway? What else should I really know about it and how can I keep myself safer? If you are asking any of these questions, then you might want to keep reading to learn more about the dangers of a phishing scam and what scammers are doing when they are phishing.
Phishing is a type of cybercrime that targets possible contacts via email, text message, telephone, or even fake websites where the person is posing as a person from a legitimate company/institution to trick a person into releasing their personal information. This information can be anything that could grant them access to all your personal/business information:
Those are just a few of the items that a phishing attempt might try to get from its victims. Once this information is in their grasp, they can turn around to use it for whatever they may like.
The phishers commonly use tactics of fear, urgency, and/or money to scare someone into giving them their private information. They make it sound like your account is suspended or your order is not going to be received unless you verify all your information. It could also be along the lines of how your payment information must be incorrect and you will have to re-enter it via the link provided. Please do not ever use the provided links! When in doubt, always go to the site/company yourself to verify that there is a problem and updated it directly with them.
Email phishing can also result in Malware being installed onto your device. This is done when the email has an attachment of some sort, like an unpaid invoice, that is for the victim to click, which is not a real invoice, and once it is clicked the file has now infected your device with the malware. Email phishing can be in the form of attaining your login information. This would be some type of email pertaining to how you need to “Your account has been COMPROMISED, follow the provided link to login and reset your password NOW!” This is where you should go to that website yourself, not via the link provided, and make sure you update what you need to update if you truly think that has been an actual data breach. Check out the writing in the circled area of the picture from an email that was received, this is not a legitimate email from Amazon and if you want to make sure, you can always log in at the Amazon website to verify your account with them.
Text phishing is a real problem as well, and the phisher will try anything to get you to give them your information. Like my text of how I “missed my delivery guy Michael and how he would like to get me my package” and he would like for me to click the link to confirm when he can come back. Well sorry, Michael, I do not have a package being delivered, so you will not be getting me to click. The delivery driver would not text you, the company like UPS, if you signed up for their notifications might, but not the driver. Plus look at the link that he is wanting the confirmation from, well that does NOT look like a legitimate link.
This text that I received was on the same line of me not getting my delivery after 3 attempts! Oh no, the package that I could have been waiting for isn’t going to be delivered! If you do have a delivery that is expected, go to the company you have ordered with and check your order there, do NOT fall for the tricks and become a victim of fraud.
This type of phishing is usually a person from respected company XYZ and something is wrong with your account or payment. My personal favorite is when the FBI is calling because someone in another state far from me, is using my social security number “please verify your social so we know we have the right person” and you are going to be arrested. Well, if you are telling me they are using my social then why am I going to provide you with it, or even verify that it is my social security number? Same with the “car warranty” calls, what if you don’t own a car or your car is 10 years old? Please keep mindful of what you are giving a stranger by phone. Do not verify any information that they might have on you or that you are providing to them. If you believe that you are in trouble, contact the company that is calling you by dialing the number that you have for that company, not one that is provided by the person on the phone.
To answer the question of how bad phishing can be using some of the information provided above it can be super dangerous. From having malware downloaded and infecting your PC not to mention this could also bring on a ransomware attack, to having all your personal data compromised. If the phisher is able to compromise a work PC the price could be high for the company to keep the data from getting leaked. An issue of the scammer getting the password(needing password help, read our blog on passwords) to one of your accounts, could result in them having access to other accounts if you are using poor passwords or using the same one on multiple sites. If the scammer can get access to your online shopping site, they could order things against your payment options on file, or if they are able to get your credit card number, again the price could be high on what they buy with it. If the scammer was able to obtain your social security number, they can now open numerous accounts/cards in your name, so when it comes to the dangers of what information in provided, the outcome could be substantial in hurt that it could cause. Please stay safe and know who and what you are giving your personal information and/or access to!
Let us provide an objective assessment of your current state and help you align your technology with business processes as well as industry best practices.