To click or not to click - links, attachments and phishing
Photo by David Castillo Dominici
I love my mother. She is so thoughtful and always wants to share fun, inspirational, and educational emails with me after she receives them from one of her friends.
If someone in your life is constantly sending those forwarded emails with 100 people listed in the body of the email and a cute picture of a cat doing something hilarious, it may be time to have a chat. Those emails can be from well-intentioned people who truly are just sharing a cute photo, but the chance of the email having an infected link or attachment is high.
Phishing is a term that refers to attempts by individuals or groups to solicit personal information from unsuspecting users by employing social engineering techniques. The bad guys are getting good at making these phishing attempts look like the real thing.
Phishing attacks are on the rise, and a person with bad intentions can easily purchase kits online to teach them the tricks needed to perpetrate these attacks. In the RSA 2012 report, "A Year in Phishing" some startling numbers are reported:
Last month, I received an email from what appeared to be my credit card company. The last four digits of my card were at the top of the email, the company logo appeared legitimate, and the look and feel of the email matched the company branding. The email contained a link to what appeared to be my bank’s website and requested that I click the link in order to resolve a problem with my account.
Even with my background, I almost clicked because the email looked so real. However, I remembered that my card had been replaced two weeks prior by the credit card company after it determined the card had been compromised.
It was clear that the compromised number ended up in the hands of a criminal working a phishing scam. Cyber criminals often capitalize on events like the September 11th attacks, tax season, celebrity deaths, natural disasters and more. Be aware that these phishing attacks are not just showing up on your laptop anymore either. Many people now have a smartphones, which are increasingly attractive targets to cyber criminals.
A recent Wall Street Journal Article, "Smartphone users more likely to fall for email scams", points out that the phishing scams coming to smartphones are even more successful than ones on computers. It may just be that users are quicker to respond on their phone or that inherently it is harder to see on the small screen the suspicious details in an email.
Today’s Quick Tips (QT):
Resources for more information on phishing:
The Anti-Phishing Working Group: www.antiphishing.org
OnGuard Online: www.onguardonline.gov/phishing
To get more great information about staying safe online, including access to free monthly newsletters, webcasts and more, visit the Center for Internet Security at www.cisecurity.org. Stay tuned for our next chat!
Kristin Judge is the Director of Partner Engagement for the Center for Internet Security, Multi-State Information Sharing and Analysis Center. She can be reached at firstname.lastname@example.org.