Most Americans recognize the importance of online security. Unfortunately, they have a rather narrow view of cybersecurity, which puts them at grave risk. They understand that certain forms of malware can be used to gain access to their online accounts and steal their money. However, most people have little awareness of more sophisticated types of theft, such as phishing.
Phishing is a growing problem in the United States. Over the past year, over 26,000 people were victims of some form of a phishing attack. These types of scams reportedly cost Americans almost $50 million. The FBI 2018 Internet Crime Report shows the prevalence of phishing attacks has increased and the trend is likely to continue.
Why is phishing such a serious problem? There are a couple of reasons:
- The stereotype of hackers being socially inept technocrats has not helped. Many hackers are actually very socially savvy psychopaths. They are skilled at creating highly intricate social engineering campaigns, which makes it easy to dupe their victims.
- Most people overestimate their ability to see through these types of scams. The problem is that they often are not on their guard. Common phishing scams are designed to mimic the types of interactions people have every day, so people that are not careful might fall victim.
Here are some examples of phishing attacks that are frighteningly successful. People need to learn how to protect against them. You should learn from these incidents, so that you can avoid making the same mistakes other people did.
John Podesta gets his email account hacked by someone impersonating Google
This incident is probably the most infamous example of a phishing attack ever. John Podesta, the campaign manager for Hillary Clinton, received an email from somebody impersonating Google. The person sending the email claimed that the account had been breached by an unauthorized user in the Ukraine. Podesta was told to click a link to reset his password.
Of course, Google didn’t send the email. The hackers that sent it were able to capture his email address and gain full access to his email records. These emails were then released to WikiLeaks, which shared them as part of a Russian smear campaign against Clinton. This phishing attack likely made a big difference in the campaign and contributed to Clinton losing the election to Donald Trump.
GoFundMe scam
GoFundMe is a double-edged sword. The website makes it much easier for people to contribute to charitable causes. However, it has also opened the door for a number of scams.
A couple of high-profile phishing scams have gained a lot of attention. One couple created a bogus story about raising money for a homeless veteran who gave them the last little bit of money he had. They duped people out of $400,000 with it. An African-American college student claimed her parents had kicked her out of the house for supporting President Trump, so she got Republican donors to give her money as well.
Some GoFundMe phishing scams are even more complicated. They may send emails and redirect people to a fake webpage that resembles the actual website. The hackers can then use that page to steal financial information or trick people into downloading keylogger applications.
Fake invoices
Many phishing scams use fake invoices. They pretend to come from legitimate websites, such as Target, Amazon or PayPal. They tell people that they have a balance due that must be paid or they will lose access to their account. The scammers will send an email and trick people into going to a webpage that tries to steal their information.
What can people do to avoid phishing scams?
There are a few things that can help you avoid being the victim of a phishing scam. Some of the most important precautions are listed below.
Always look at the email address carefully
Phishing scams typically try to create a name for their email address that resembles a legitimate organization. This is going to be most visible when you look at the email header. However, you can hover your mouse over the actual email and see what the actual email address is. If it doesn’t match the domain of the organization, then that is probably a sign it is a scam.
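The same comparison of the displayed name against the real sending domain can be done in code. The Python below is an added example, not part of the original article; the brand-to-domain table and the sample From headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumed table of brand names and the domains they really send from
# (constructed for this example; maintain your own list).
KNOWN_BRANDS = {
    "paypal": {"paypal.com"},
    "amazon": {"amazon.com"},
    "google": {"google.com"},
}

def sender_domain(from_header):
    """Split a raw From: header value into (display name, sending domain)."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name, ""
    return name, addr.rpartition("@")[2].lower().rstrip(".")

def domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return warnings for a From: header; an empty list means no mismatch."""
    name, domain = sender_domain(from_header)
    if not domain:
        return ["no parseable sender address"]
    warnings = []
    for brand, allowed in KNOWN_BRANDS.items():
        # The brand may be claimed in the display name or inside the domain
        # itself (e.g. paypal.com.something.example). Heuristic: substring match.
        claims_brand = brand in name.lower() or brand in domain
        if claims_brand and not domain_matches(domain, allowed):
            warnings.append(f"mentions '{brand}' but is sent from {domain}")
    return warnings

if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    samples = [
        '"PayPal Billing" <service@paypal.com>',
        '"PayPal Billing" <service@paypal.com.account-check.example>',
        '"Amazon Support" <help@amaz0n-orders.example>',
        'Google <no-reply@accounts.google.com>',
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no mismatch")
```

A matching domain does not prove a message is genuine, because the From header itself can be forged; the check only catches the mismatches described above.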
Keep your malware protection up-to-date
Scammers don’t rely solely on malware to defraud the victims. However, malware is still a part of many phishing scams. Keep your malware protection up to date as an additional safeguard.
Contact organizations directly through their webpage or main phone number if you aren’t able to verify the identity of a caller or email sender
Tell the person that you are going to message them directly through the company. If they are legitimate, then they won’t have a problem with this.