Tuesday, April 12, 2016

Gone Phishing?

No, not that kind of phishing


No, not the Rock and Roll kind of phishing either..

Yep.. This kind...


So, what exactly is Phishing...

According to Wikipedia:  "Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication."

For example, I received an interesting email the other day... It was from me, to myself, with a picture attached. Well, at least that was what the subject line said.  The funny thing was that I never sent myself a picture!  The "picture" was a ZIP file (a compressed file type used to easily move large program files on the Internet.)  Now, I am sure that if I had clicked the "zip" file that my computer would have been infected with some sort of nasty computer virus, trojan or "ransomware" that would steal my files until I paid a hacker to get them back!!

Sometimes the "phish" can be obvious, like the example I gave above.  Sometimes it is not so obvious, like an email that appears to be from your bank. So, here are some good general rules to follow:

1) Never, never, never open a file from your email unless you are expecting that file from the person who sent it.  Even better yet, have the person who is sending you the file include a secret word in the email so that you know it is coming from them.  In my emails, I start each one with a special opening word (No, I am not going to tell you what it is here... nice try...) that all of my contacts know.  This way, they know the email is really from me.

2) Never ever, ever share your password!  See my blog post on 03/30/2016 about that!

3) Don't download ANYTHING from a website unless you know for sure that it is a valid website. In the "old days" typing in "whitehouse.com" would take the person to a "not-so-nice" website.  (For more info on this, read this Wikipedia article...) Many a young researcher made this mistake instead of typing "whitehouse.gov". For a while, hackers used websites that had URLs (web addresses) that were similar to those of some banks.  They would prompt you to enter your username and password and then forward you to the real bank website.  All along you thought you were on the bank website - until all of your money was gone. (This phishing trick has long been shut down, but it can still happen on non-bank sites - especially if you use the same password across many websites!!!)

4) Ever get one of those emails from "support" asking you to validate your account by clicking a link in the email?  DON'T!!  That goes double for a link from your bank.  Don't trust it!!  Open your browser and type the URL (address) for your bank manually. Same goes for credit cards, PayPal, Amazon and so on!  Also, don't click links in websites unless you know for certain that you are on the correct website (Like Mine!!! I test all my links before I put them on!!)

Best advice I can give you is always use common sense!  Be "on-your-toes" and Caveat Emptor - buyer beware!

So, what advice do you have on how not to be the victim of the next phishing attack?  There are certainly even more pointers that can be given.  Why don't you post them as comments to the blog site and share your wisdom!!

Regards...

Yossie (yes, it's really me...)


Yossie Frankel
Tech Specialist - CIJE

Check out my blog: www.technorebbe.com
Twitter @yossiefrankel
