“I remember how trusting my parents were with people, no more. Now you must be on guard all of the time.”
The IRS published its top scams to help the US Taxpayer avoid being taken advantage of and cheated. One of the biggest scams, and one that has grown in use, is Phishing. Let’s start with the basic definition of what Phishing does and how harmful it can be.
According to the IRS, “Phishing scams target individuals with communications appearing to come from legitimate sources to collect victims’ personal and financial data and potentially infect their devices by convincing the target to download malicious programs.”
We called these people criminals; now, of course, we have selected a section of these lawbreakers and renamed them: Cybercriminals.
Thieves, criminals, cybercriminals all are after the same thing, your money. The process usually starts with some communication designed to lure you into “clicking” on a link or a text. This allows the “bad guys” to access your electronic device, learn more about you, and generally find the “key” way to your money or banking accounts. Emails and texts are not their only tools; these “slime balls” incorporate all sorts of social media posts or messaging.
On the surface, these schemes look legitimate, and they can be tricky to detect. Many are cleverly disguised as an official-looking message, mimicking the IRS and other authoritative government departments. If you receive one of these inquiries, do not be afraid; help is found in many places. The first rule is to never respond (click) to anything that scares you or looks like it might be official. The IRS does not use email to communicate with you regarding any tax that may be owed. The IRS uses the US Post Office for their communication.
One large Phishing effort is tied to the recent stimulus checks program instituted by our government. But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing, like your bank or credit card site, where you are enticed to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your data, which is sold to other sources who use it to access your funds and assets.
Like all things, Phishing has evolved and grown more seductive, with new variations and techniques.
- Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls. They attempt to scare you and get you to provide information that will lead them to other sources that will damage you.
- Smishing scams happen through SMS (text) messages. These small messages also can contain a link, and if you respond, they can gather information about you via your telephone. The data could be your contact list, where they use it to gather in more unknowing people who think they are communicating with you.
- Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites. These can be especially bad if you have your banking and other financial information on your computer.
Defense against the Dark Arts!
For an attack to be successful, it must complete three steps:
- The phishing email must make its way through the gateway to the user’s inbox. Most good gatekeepers (protective software) can help stop this entry; the problem comes when the link in the message is clicked.
- The user must successfully execute the payload by adding the malicious software.
- The payload must be able to communicate with an external command/control server successfully (via the internet).
During each of these steps, there are defenses you can implement to thwart the attack.
Here is a link to Carnegie Mellon University Software Engineering Institute: Defending Against Phishing (cmu.edu)
Does this all seem hopeless? I know in a way it does, but you have the ultimate solution. Don’t open unknown emails, don’t click on links you are not sure of, and ask for help. Together we can stop these creeps and let them Phish where they should be, in the Big Tank!