Don't get phished

You’ve probably heard about “phishing”: nefarious actors use digital communication tools such as emails and text messages to try to con you into giving up Personally Identifiable Information (PII) or your login credentials to banking or online shopping websites.

If the impersonating nefarious actor is not outright asking you for your PII or website credentials, the message will probably contain a clickable link that leads you to a legitimate-looking but “fake” website that opens up in your browser. As these fake websites have grown more sophisticated, they have often become indiscernible from the real website, thereby increasing the risk of falling prey to the con.

If phishing, sometimes referred to as “bulk” phishing, is analogous to casting a wide net to catch a lot of fish, “spear” phishing is directed to a specific recipient. Phishing attempts I often see are of the former kind. People with huge fortunes or access to a bigger pot of ill-gained-gold can be spear phished. If successful, the latter is especially lucrative as “information” has higher value than greenbacks.

I wrote in my June 18 article that “we need to take ownership of what we 'can' control,” even in light of massive data breaches that we had no ability to prevent, by learning good habits.

Phishing attempts are unsuccessful if recipients ignore unsolicited messages. Sound familiar? Yep, it is the same as learning to ignore unsolicited robocalls and cold calls. Like I said before, your brain is the silver bullet as it can learn good habits.

Here’s one example of how a phishing attempt may unfold. Mr. Nefarious made a fake website that looks eerily similar to the online banking website for MACS Bank. He crafted a message inviting customers to click on the enclosed link to log into the security-enhanced new online banking website using their usernames and passwords. Then with a click of the mouse, Mr. Nefarious sent it to 100,000 potential victims.

Before the cloud, making 100,000 telephone calls would’ve been a daunting task. The effort necessary to make 100,000 calls was disproportionate to the handful who may fall for the con.

But with the advent of the internet, sending phishing emails to 100,000 potential victims takes only a second. Some recipients may not be MACS Bank customers and will discard the email after opening it. Some will be MACS Bank customers and will eagerly follow directions. Pretty effortless for Mr. Nefarious, unfortunately.

In this day and age, financial institutions do not ask for your PII or login credentials over a non-secure communication medium such as email or text. A message that does ask for them should be another red flag that it is a phishing attempt.

Ultimately, I hope you will develop good habits and ignore – i.e. not open – unsolicited emails and text messages altogether. Not acting on phishing messages will minimize the risk of being a victim.

Tak Sato

Strategist and technologist with almost 30 years of experience in the private sector. Holds Bachelor of Science in Computer Information Science and Executive MBA from Cleveland State University.

As Founder of the Center for Aging in the Digital World, a 501(c)(3) nonprofit empowering seniors with digital literacy, Tak connects the dots to help people utilize appropriate technology in their personal and professional lives.

Volume 11, Issue 13, Posted 9:50 AM, 07.02.2019