You are viewing this article in the AnnArbor.com archives. For the latest breaking news and updates in Ann Arbor and the surrounding area, see MLive.com/ann-arbor
Posted on Thu, Apr 26, 2012 : 11 a.m.

To click or not to click - links, attachments and phishing

By Kristin Judge


Photo by David Castillo Dominici

I love my mother. She is so thoughtful and always wants to share fun, inspirational, and educational emails with me after she receives them from one of her friends.

If someone in your life is constantly sending those forwarded emails with 100 people listed in the body of the email and a cute picture of a cat doing something hilarious, it may be time to have a chat. Those emails can be from well-intentioned people who truly are just sharing a cute photo, but the chance of the email having an infected link or attachment is high.

Phishing is a term that refers to attempts by individuals or groups to solicit personal information from unsuspecting users by employing social engineering techniques. The bad guys are getting good at making these phishing attempts look like the real thing.

Phishing attacks are on the rise, and a person with bad intentions can easily purchase kits online that teach the tricks needed to perpetrate these attacks. The RSA 2012 report, "A Year in Phishing," reports some startling numbers:

  • In 2011, approximately one in 300 emails was “deemed to contain elements pointing to phishing”
  • An average phishing attack yields the attacker $4,500 in stolen funds
  • Approximately 86 percent of the U.S. banking sector brands were targeted with phishing scams in 2011.

Last month, I received an email from what appeared to be my credit card company. The last four digits of my card were at the top of the email, the company logo appeared legitimate, and the look and feel of the email matched the company branding. The email contained a link to what appeared to be my bank’s website and requested that I click the link in order to resolve a problem with my account.

Even with my background, I almost clicked because the email looked so real. However, I remembered that my card had been replaced two weeks prior by the credit card company after it determined the card had been compromised.

It was clear that the compromised number ended up in the hands of a criminal working a phishing scam. Cyber criminals often capitalize on events like the September 11th attacks, tax season, celebrity deaths, natural disasters and more. Be aware that these phishing attacks are not just showing up on your laptop anymore either. Many people now have smartphones, which are increasingly attractive targets to cyber criminals.

A recent Wall Street Journal article, "Smartphone users more likely to fall for email scams," points out that the phishing scams coming to smartphones are even more successful than ones on computers. It may just be that users are quicker to respond on their phones, or that the suspicious details in an email are inherently harder to see on a small screen.

Today’s Quick Tips (QT):

  • Do not respond to unsolicited e-mails from unknown and untrusted sources.
  • Do not open any attachments contained in suspicious emails.
  • Do not respond to emails requesting personal information or that ask you to "verify your information" or to "confirm your user-ID and password."
  • Beware of emails that reference any consequences should you not "verify your information."
  • Be cautious about all communications you receive including those purported to be from "trusted entities" and be careful when clicking links contained within those messages.
  • Remember the national Stop.Think.Connect. Campaign. Stop and Think before connecting!
  • If an email appears to be a phishing communication, do not respond.
  • Play the online game at www.phish-no-phish.com to learn how to identify a bogus site.
  • Forward suspicious emails to the Federal Trade Commission at spam@uce.gov.

Resources for more information on phishing:

The Anti-Phishing Working Group: www.antiphishing.org

OnGuard Online: www.onguardonline.gov/phishing

To get more great information about staying safe online, including access to free monthly newsletters, webcasts and more, visit the Center for Internet Security at www.cisecurity.org. Stay tuned for our next chat!

Kristin Judge is the Director of Partner Engagement for the Center for Internet Security, Multi-State Information Sharing and Analysis Center. She can be reached at kristin.judge@msisac.org.