An overall look at phishing and ransomware
By Keri Kruspe
I’ve been working for the banking industry for over
thirty years and one thing hasn’t changed in all that time. Bandits are out
there and they want your money.
Personally, I’ve survived numerous physical bank
robberies and bomb threats over the years. Working in Las Vegas for most of
those years, I’ve watched how desperate people who lost it all at the casinos
have resorted to doing the unthinkable by robbing others. The threat was real… it
was in your face and unavoidable. How you reacted to it determined the trauma
afterward.
But during the ensuing years, another type of robbery
has gained momentum, preying on the unwary. While it might not be as physically
dangerous as a bank robbery, it can have devastating consequences that the
victim has to deal with for months, if not years.
I’m talking about cyber crime, especially regarding
your bank account or credit cards.
In this article, I’m going to highlight a couple of
areas:
· Define phishing and ransomware
· Understand and identify common cyber crime tactics
· Armed with this knowledge—how you can protect yourself.
Phishing and Ransomware: Social Engineering
Social engineering is the practice of manipulating
people into giving up confidential information (like passwords, bank account
information, or access to a computer or network). Social engineering is so
popular with criminals because it works! It’s easier to exploit someone’s
instinct to trust rather than hack into a security program (or walk into a bank
and point a gun at a hapless teller).
Social engineering usually comes in an email, text, or phone call. These thugs pose as a legitimate institution, imitating a trusted business, financial institution, social media site or government agency. These messages will ask for private information or will get victims to download malicious software.
Phishing History
The term phishing became popular in the mid-1990s.
It’s a variation of the word “fishing” because phishers lure their victims with
bait, such as an attractive offer. In 2004, the first phishing lawsuit was filed
against a California teenager who created an imitation of the website America
Online. He gained sensitive information from users and had access to credit
card details to withdraw money from their accounts.
It is estimated that 1 in every 3,000 emails sent is a
phishing email, costing companies in America an average of $1.3
million.
Phishing Tactics
A phishing email or text is designed to gain your trust and then trigger a response. It may include upsetting or exciting info that demands an urgent response. Typical words used are “urgent”, “important”, or “outstanding payment”. These communications will ask you to “update”, “validate”, or “confirm” your account information online.
They’ll prey on greed by making attractive offers.
They’ll claim, “You’ve won a free trip or lottery. Just click here and it’s
yours!”
What they’re looking for are: social security numbers,
full name, date of birth, full address, retail shopping account, loyalty reward
accounts, username and password for online services, email account access,
personal identification numbers (PIN), credit card, and bank account numbers.
How to Recognize a Phishing Attack
Here are some basic characteristics of phishing
emails:
- Generic Names “Dear Customer”
- Poor spelling and grammar
- Links to another website
- Unrealistic threats/demands/offers
- Sender’s email address may look like a known organization, but something is off
- Logos and branding that are somewhat similar but just a tad off
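The checklist above can be turned into a simple mail-filter heuristic. The following Python sketch is an added example, not part of the original article; the sample message, the `TRUSTED` mapping and all function names are constructed for illustration, and it covers only the wording, sender and link checks (not spelling or logo quality).

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Wording the article lists as typical of phishing messages.
URGENCY = ("urgent", "important", "outstanding payment")
ACTIONS = ("update", "validate", "confirm")
GENERIC = re.compile(r"\bdear (customer|user|member|client)\b")
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumption: brand name -> the domain that organization really sends from.
TRUSTED = {"example bank": "examplebank.example"}

# Constructed sample message (not a real email).
SAMPLE = '''From: "Example Bank Support" <support@examp1e-bank.example>
Subject: URGENT: outstanding payment

Dear Customer,
Please confirm your account information within 24 hours:
http://login.account-check.example/verify
'''

def site(host):
    """Naive last-two-labels domain; a real filter would use the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])

def phishing_indicators(raw, trusted=TRUSTED):
    """Return which of the article's warning signs fire for one raw email."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part text message
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    display, addr = parseaddr(msg.get("From", ""))
    sender = site(addr.rpartition("@")[2])
    hits = []
    if GENERIC.search(text):
        hits.append("generic greeting")
    if any(w in text for w in URGENCY):
        hits.append("urgent wording")
    if any(w in text for w in ACTIONS):
        hits.append("asks to update/validate/confirm")
    # Display name claims a known brand, but the address is on another domain.
    if any(b in display.lower() and sender != d for b, d in trusted.items()):
        hits.append("sender address is off")
    # Links that lead somewhere other than the sender or a trusted site.
    linked = {site(urlparse(u).hostname or "") for u in URL.findall(body)}
    if linked - {sender} - set(trusted.values()):
        hits.append("links to another website")
    return hits
```

Calling `phishing_indicators(SAMPLE)` reports all five signs for the constructed message; a message from the real domain with a personal greeting and a link to the same site reports none.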
Malware
Malware is short for "malicious software" and is a cyber-attack that typically starts with a successful phishing assault. It's intentionally designed to cause damage after being implanted on a computer or server. Malware can take the form of viruses, worms, adware, Trojan horses, and ransomware.
Ransomware
This is sophisticated malware that is delivered to your computer via a phishing attack. Once it invades your computer, it stops you from using it and encrypts your files. You don’t have access to your computer unless you pay a sum of money to unlock the system with a decryption key. Advanced ransomware will encrypt system files, drives, or the Master File Table. It’s almost impossible to recover from, as the files cannot be accessed without the decryption key.
How to prevent Ransomware:
- Watch out for phishing. Ransomware is sent by a successful phishing attack.
- Install Anti-Virus software
- Back up data
- Filter email
5 comments:
Wow, Keri, what a helpful post. We should all put up a sign on our computers "BEWARE". Thanks for such an informative post.
Thanks, Keri! This is great info to make sure to keep us all on our toes. If only I really had so many long, lost relatives ready for me to inherit as they have claimed, lol.
You are welcome! Hope it helps.
So true, Maureen!
Even the smartest people can fall for these tricks, from the lawyer I once worked for to co-workers and family. They hit when you're not paying attention because we have "Click Here" imbedded in our nature and follow it. Taking a breath before acting is sometimes all it takes to give you a second to think and question. Good reminder for this time of year, Keri!