Friday, August 4, 2017
The Dangers of Spoofing and Phishing
Lately, I have been noticing a consistent rise in both spoofing and phishing. Spoofing is when someone impersonates another, usually a known entity, to obtain personal and private information. Spoofing is often used in tandem with phishing since both attempt to use a "trustworthy" entity as a way to fool a computer user with the intent to harm the user.
I get several phishing comments to my blogs every week. They usually try to get me to post the comment so someone will click on the embedded link. In some cases, these phishing comments are merely trying to puff up the number of hits to their website, but in others, clicking on the link may connect your computer to a website that will immediately download malware.
Both phishing and spoofing are often hard to detect. The most common and most dangerous practice is an email that appears to be from your bank or other trusted entity. In some cases, clicking on the email can immediately compromise your computer. But in most cases, the bad content comes in the form of an attachment. In both cases, the bad actor is trying to get you to divulge personal information.
The first level of defense against these harmful activities is to avoid opening (clicking on) email from an unsolicited or unknown entity. In addition, if you do get an email that seems to be from your credit card company, bank, the IRS, or some other financial or governmental agency, never open an attachment. Simply delete the message and then, if you are still worried about the content, call your credit card company, bank or the agency and see if they really did send you an email requesting information. You will almost always find out that banks and government agencies will not solicit private, personal information by means of email messages. By the way, never use the phone number in the email to call the entity. If you do not have the phone number already available, look up the number for the branch or location where you send your bill payments or do your deposits.
Look carefully at all correspondence asking you to click on a link or open an attachment. Check to see if the URL (address) of the website matches the company mentioned in the email. As you review the email, watch for misspelled words, poor grammar or inappropriate references. One venue for phishing is Facebook.com. You may get a "friend" request from someone you are already connected with. You may also get friend requests from people you do not know, and it appears that you are their first friend. I routinely ignore these requests. I do not even decline or refuse them because I do not want the person to know I am real.
You can "hover" over any link to make sure that the link stated in the correspondence and the connecting link are the same. If they are not, simply delete the email. In some extreme cases, I have called my friend on the telephone to ask them if they have sent me a duplicate friend request.
The best defense is to be vigilant and think before you click.