The New Age of Phishing
Phishing scams started out as a new form of junk mail: emails that used a fake story to entice individuals to send money. With the explosion of mobile devices in recent years, phishing scams have migrated to smartphones with the advent of smishing, or phishing scams sent via text message instead of email.
These scams have become very troublesome and difficult to prevent. Today, phishing or smishing scams appear to be legitimate emails or texts from known financial institutions and enterprise corporations and often contain identifying information about the recipient that was obtained through viruses or hacking. As a result, individuals receive messages addressed specifically to them, containing some information about them, that appear to come from a company with which they do business. These messages may have hyperlinks that take the user to an equally realistic but fake site, which requests user IDs, passwords or some other personally identifiable information (PII). Often the link simply takes users to a website that has malicious applications that run automatically when visited, infecting the individual’s machine and obtaining personal information. Other messages may not have any hyperlinks or request any information at all, but instead have embedded scripts or malicious applications that run automatically.
Phishing and smishing are very effective and difficult to protect against. In most cases, the only protection against them is end-user education. The following safe computing measures need to be taught and put into practice.
- Educate users that they should never respond to any email or text requesting any PII, financial information, intellectual property or client data.
- Never open emails/texts from anyone or any company you don’t know, and never click on any hyperlink that is included in an email/text from someone you don’t know.
- Email applications should be configured not to run embedded scripts or applications.
- If a company is requesting information, call a known number or go to its website to confirm the request is legitimate, then respond. Do not call the number or follow the link in the email/text. Companies today do not and should not request information through emails or texts.
Although scammers are getting more creative with the ways they elicit private information, very simple precautions can keep personal and corporate information safe.