January 23, 2020. Our program featured Matt Welser, the Innovative Technology Analyst for Pinebrook Family Answers. The advent of personal computing devices and access to the World Wide Web has opened up an incredible world of resources, information, and criminals. Personal information exchanged electronically can be of great value when it falls into the wrong hands.
The cost of breaches last year was estimated at $12 billion, and that number is on the rise. Sometimes the data is leaked when hackers breach the security of large databases, but increasingly the criminals are enlisting the help of victims to gather the data. This practice is known as “phishing” and can be defined as the fraudulent practice of sending emails purporting to be from reputable companies in order to convince individuals to reveal personal information, such as passwords and credit card numbers. Once the information is obtained, the crooks can use it themselves or sell it for profit. Some phishing schemes don’t gather data; instead they encrypt the victim’s computer so as to render it unusable. The crooks will unlock the computer for a fee. This is called “ransomware”. The key is that they need the victim to respond in some way. This can be by opening an attachment, clicking on a misleading link, or simply replying to the email.
The practice of phishing is on the increase because it works. 30% of phishing messages do get opened. The phishing schemes are often quite convincing. They use personal data such as names, titles, and employer names. Targeted people include financial and HR employees, C-level executives, and people over the age of 55. Some of the information is garnered from breaches of large databases, but a lot of it is readily available for free on social media.
Users can protect themselves by learning to spot red flags. Watch out for unexpected correspondence from friends or business associates. The sender’s name may be familiar, but the message itself is often off topic. Check to make sure that the domain information matches the sender. Beware of anything if the sender is unknown to you. Do not open attachments with file extensions such as .exe or .zip. Opening these files can trigger the installation of malware on your machine. Embedded links in emails are often fraudulent. Hovering the cursor over the link will reveal the real destination of the link. Phishing emails often convey a sense of urgency because they don’t want you to spend time thinking about it. Don’t respond to urgent requests for money or assistance. Above all, trust your instinct. If something seems wrong, it probably is. When in doubt: don’t click, don’t open, don’t forward. Instead: do delete, and do report to your IT department.