Hi Reader,
It might seem that we've been discussing the topic of phishing a lot lately.
That's true.
It remains the top way malware gets onto devices.
And it still manages to trick people into giving up their personal information.
The tech-savvy pal I spoke of last week—he just got his bank account unfrozen today (and it's been 12 days since he took the bait).
Phishing scams are designed to trick individuals into divulging their sensitive information (e.g. passwords, payment card details, or all other kinds of personal data), including some that you don’t even think is all that useful to someone trying to scam you.
The fact is any piece of information a cybercriminal has on you can be put to use in some sort of scam.
That’s why they are so persistent in trying to get everything they can.
And as we continue to get better at staying on top of the attacks, the bad guys are also getting better at fooling us.
Most often, we get links in emails or in text messages that the scammers hope we'll click.
However, Check Point security is warning about a recent scam that uses images to get those clicks.
It’s quite clever because we typically can call out phishing by finding errors in grammar, graphics, or use of the language.
But if you get an image, those are not a factor.
In this particular scam, the image may appear to come from a big retailer, such as Amazon or Target, promising special perks.
To add a few to last week's, here are some (more) tips to avoid falling victim to phishing scams:
Be Vigilant and Verify
Be skeptical of unsolicited emails, messages, or phone calls that ask you to click a link or image or to provide personal information.
Legitimate organizations typically do not request sensitive data via email or other insecure channels.
Even if they do, it's safer to log into your account yourself and check for any notifications instead of clicking something in a message.
Verify the authenticity of the sender by checking email addresses, domain names, and website URLs.
Cross-reference any suspicious requests or offers by contacting the organization directly using their official contact information.
Don’t reply directly to any of the messages. The hackers are waiting on the other end.
The friend I keep referring to said that, after he was fooled into logging into a fake portal, he got two calls within the next 24 hours, BOTH claiming to be calling from very popular crypto exchanges and trying to scare him into believing that his accounts had been compromised.
Strengthen Password Security
Create strong, unique passwords for each of your accounts and change them regularly.
Enable two-factor authentication (2FA) whenever available, as it adds an extra layer of protection by requiring a secondary verification method, such as a code sent to your phone.
However, if you have the option to use a hardware key, an authenticator app, or a key fob that generates random codes, choose one of those over email or text codes.
Educate Yourself
Stay informed about the latest phishing techniques and scams.
Be cautious of common phishing red flags, such as poor grammar, urgent requests for personal information, or offers that seem too good to be true. These do still exist and aren’t slowing down.
Three well-known phishing scams
There are numerous phishing scams and endless versions of many of them. The following are a few that come around on a regular basis, albeit in various forms.
- "Nigerian Prince" or Advance Fee Fraud: This scam typically involves an email from someone claiming to be a wealthy individual or a government representative seeking assistance in transferring funds. The victim is enticed to provide their personal information or financial details in exchange for a promised share of the money.