What in the world is Phishing?
Phishing is an activity in which cyber-criminals collect passwords and credit card details of unsuspecting users. Common tactics include using emails, messages and contests which prompt people to enter personal details or open attachments. The collected information is then used without the person’s knowledge for gain of some sort.
The term phishing probably came from the idea that the criminals behind it “troll” the internet, setting “bait” (a freebie or an invoice) to “hook” prey (internet users.)
Often a phishing email or message promises something, good or bad. It may be a free gift certificate, a promise of free iPad or iPhone, or it may be a threat of action by an organisation, such as the tax department, an online payment service, or a bank. Either way, the promises are bogus. The intention is to harm not to benefit. The cyber criminals are after something much more valuable than your satisfaction: they want your sensitive information.
Phishing attempts vary in the level of sophistication, from laughable to ingenious. Poorer phishes often contain spelling and grammar errors or employ non-native English usage. Noticing these discrepancies can pay off. On the other hand, some sophisticated attempts are virtually indistinguishable from the real thing, down to the tiniest detail of the logo of the company being masqueraded.
How do you protect yourself from being duped by a phishing scam? Always consider the plausibility of the offer. Would a reputable business really give away an unlimited number of $500 gift certificates just as a promotion? Is there any need to promote the business or item? For example, free iPads are often offered by phishers. There is no shortage of demand for this product, so why would Apple or any retailer need to drum up interest?
Similarly, emails from an airline or delivery service whose subject lines suggest you have an outstanding invoice may be tempting, but if you have not purchased tickets or made an order, hitting delete may be the safest option. Opening an attachment on such an email may lead to a hassle-filled delivery: trojans, viruses, worms…all kinds of nasty-sounding cyber unpleasantries to infest your home network.
It is always best to assume that “there is no such thing as a free lunch.” People generally don’t give things away without some kind of string attached. In the case of phishing, the string leads directly to your personal details and ultimately to your wallet. When it involves agencies that purport to be the tax department or banks, you should always ring before completing any online form. Banks as a rule do not ask clients for passwords and have strict policies about contacting customers by email. If you receive anything purporting to be from the bank, take the time to confirm the source is legitimate.
If a company sends you an email or message asking you to “confirm your billing details” or “verify your account,” be wary. Decline until you’ve followed up by contacting the company involved. Definitely do not open any attachments on emails, as they may contain malware.
It is vital to train your children to be savvy in these instances. Their lack of life experience makes them susceptible to the tricks of scammers. While most adults have enough sense to know that no one gives away iPads or $500 gift certificates willy-nilly, a child/teen might not.
Be sure your student understands that those offers are deceptive and can have negative consequences. Teach them to scrutinise offers and notices, looking for the tell-tale spelling errors or odd wording. Encouraging young people to be cyber-sleuths, searching for anomalies and honing in on clues of fraudulence, can become a fun game, which will skill them up to stay safe and keep their information secure.