Phishing: Don’t Click The Bait
So it turns out that Marriott’s reservation system has been hacked. The personal information of 500 million people has been stolen. (That’s the population of the United States, Canada, and most of Mexico combined.)
And now security experts are concerned that this data will be used for phishing.
Phishing is a metaphor. In actual fishing, some kind of bait — in the form of real or fake food — is used to trick a fish into trying to eat it. The optimal result, of course, is not so good for the fish.
Phishing is a similar process, except crooks are the fishermen, your data is the bait, and you are the fish.
How Does Phishing Work?
Imagine you receive an invoice from an online mall. It looks real. It’s got their logo, colors. It addresses you by name. Maybe it’s even got your account number (or the last four digits). It looks and feels legitimate.
The call to action is usually to click a link and log in to address some problem, update some information, or read a private message.
If you click, you’re biting. And if you actually log in with your username and password, you’re hooked.
How to Recognize Phishing?
What has made phishing such a successful criminal sport is that there is no foolproof way to recognize it. The bait is designed to be tricky and to prey on your insecurities. Yes, you could check URLs for unusual structures. Yes, you can employ tools — like Sophos — to try to keep phishing schemes out of your inbox. But inevitably one is going to get through.
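As an added illustration (not part of the original article), this Python sketch shows what checking a link's URL for unusual structures can look like. The domain names and sample links are constructed placeholders, and an empty result only means none of these patterns matched, not that the link is safe.

```python
import ipaddress
from urllib.parse import urlsplit


def url_warnings(url, expected_domain):
    """List reasons a link does not look like it leads to expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    warnings = []

    if parts.scheme != "https":
        warnings.append("not https")
    # In "https://shop.example@other.test/" the real host is other.test.
    if parts.username is not None:
        warnings.append("userinfo before host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address as host")
    except ValueError:
        pass  # a normal host name
    # Punycode labels can display as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label")
    # The genuine site is the expected domain or one of its subdomains.
    if host != expected and not host.endswith("." + expected):
        if expected.split(".")[0] in host:
            warnings.append("brand name inside a different domain")
        else:
            warnings.append("host is not the expected domain")
    return warnings


# Constructed sample links; shop.example stands in for the real store.
SAMPLES = [
    "https://www.shop.example/account",
    "https://shop.example.login-check.test/account",
    "https://shop.example@198.51.100.7/login",
    "http://xn--shp-jma.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", url_warnings(link, "shop.example") or "no warnings")
```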
What’s the Best Practice?
If you receive an email from some official body that’s asking you to click a link and log into their site, the best practice is simply this: Just Say No. Don’t click the link. Don’t log into the site.
Instead, open your browser, and type the address yourself. You know your favorite website addresses. You probably have visited Technology Revealed’s site so many times that the keys are in muscle memory.
And that’s good. It prevents you from being vulnerable. When you type an address manually, you’re bypassing the scheme entirely.
Still not sure?
If you remain concerned about email security, contact an expert to help. Phishing costs American businesses half a billion dollars every year. It’s much better to be safe than to be sorry.
If you need an expert to contact, Technology Revealed is at your service.