Identifying Phishing attempts

In modern computer systems the weakest point (from a security perspective) is often times the person sitting at the desk. Tricking the person into opening up their computer can yield the best outcomes for hackers.

Remember it is best security practice not to accept something that is offered to you but instead to go through proper channels to get what you may need. Someone coming to you with an offer of help, especially one you may not have known you needed, is much more likely to have nefarious purposes than if you sought them out yourself.

Think about in the real world. If someone is too eager to offer help you start to wonder what their angle is. Why are they so keen to offer help? Often it is best to ask for help from a stranger than to accept help from someone who is approaching you offering. The odds that you will meet a nefarious character go way up when they are the one choosing to have an interaction with you.

The same concept can apply to computer security.

When a window pops up on your computer announcing that a virus has been detected avoid clicking any links in that window. Instead open your security application directly. If the announcement was legitimate there will be a big fuss there, often time with lots of red.

When someone calls you telling you your bank account has a problem be skeptical. Look up the bank's customer service number, either on their website or the back of your bank card, then call them back. If the original call was legitimate the caller will understand. If they try to get you to stay on the call to resolve the issue immediately using threats and scare tactics to keep you there, they are probably not the real deal.

And anybody that won't take a credit card for payment is scamming you. They may prefer PayPal or some other method, but if they ask you to send them a gift card or anything similar then do not associate with them.

Just like in a real-world exchange, you are much more likely to find the real information if you go looking for it. If you need to download an application, go to a trusted source; most operating systems now have a very good app store with a level of security built in. A link in an email can go just as easily to a website that looks like your bank as it does to your actual bank website.

A good rule of thumb is to reject what is offered without asking, accept what is requested.

But if you still are unsure, go find someone who knows about security.

Comments

Post a Comment

Popular posts from this blog

Alternate Email Domains, and Why You Should Never Use One

Recently my wife came to me with a problem. She was locked out of her account at a major social media site. She said her password wasn't working. She had just changed it recently but had never logged out and back in again so wasn't sure if she had recorded the new one correctly.  She had already tried the password recovery and reset options via email but she wasn't getting any messages from the company in her inbox. I searched her inbox for messages from the company and found a previous password reset email. The email came from security@facebookmail.com.  My blood went cold. A domain name like this is one of the tricks hackers use to get people to trust their emails.  I immediately ran a search of the WHOIS database which contains a listing of who owns particular domain names. I found the facebookmail.com is in fact  owned by Facebook's parent company Meta.  I have seen this from a number of companies. Instead of using a well-established domain name such Faceboo...
Read more

Email Aliases

 This is the inaugural post for a new series I will be doing called Securing the Tech. I will be publishing information about computer security. Sometimes it will be high level concepts, other times we may dig deep into topics. Hopefully it will remain relevant to what people are needing to know to make their lives more secure. Today we will be touching on email security. All of us have had that moment when we didn't really want to give our email address, but what else could we do? We give our email address at the risk of increased spam or likelihood of identity theft. But what can you do? Two words: email aliases . Most email services will let you set up multiple email addresses tied to the main email address you use. These "alias" addresses will allow you to keep your email address more private, though to be honest an alias won't work in all situations.  Depending on your email provider aliases can work very differently. I am not referring to "plus addressing...
Read more