
By Nicholas Hamner
Investment Advisor Representative/All-Around Nice Guy
Let’s suppose someone finds out you have a nephew named Timmy. They find a photo of Timmy, print it out, wear it on their face like a mask, and come knocking on your door saying, “Let me in, I’m Timmy”. Are you letting them in? Are you giving them money? Are you trusting them with anything of value? No, you’re not.
Yet, the Internet version of this is the most common type of cybercrime seen today. It’s what is known as “phishing”. Scammers try to trick you into handing over your login credentials. Once they have those, they’re going to dig into your stuff and try to get to your money. Or wreck your network. Or hold your company data for ransom.
We’ve written about scams plenty this year: I wrote two articles and Jeremy wrote a third. Those were on long, drawn-out scams with very technical complications and a good amount of patience on the part of a scammer. Phishing isn’t complicated and it doesn’t require a whole heck of a lot of patience. It’s just social engineering—aka trickery—done up digitally, but it’s dangerous because it’s how most of the more serious cybercrimes start.
Take a look at these two emails and see if you can spot if either of them is fake:

Take a look at what they show you. Look at the “From” address. Look at the link they want you to click. Anything look off?
Let’s zoom in on that first one.


Look at that image on the left. It says “microsoft”, right? Look close.
It’s actually rnicrosoft. If you’re still not seeing it, I’ll put it in all caps. It’s not MICROSOFT. It’s RNICROSOFT. But at a distance, it sure looks like microsoft, doesn’t it?
Now look at that image on the right. Anything stand out? Microsoft does have a portal called Live that some of their entertainment and consumer-facing services are routed through, so it’s not uncommon for Microsoft to issue a link to live.com but… does that say “live”? It’s actually linking to “liive” with two i’s.
This is not high-tech trickery. This is not forging a knockoff Monet and plotting an art heist like Thomas Crown. Phishing relies on simple typos that the average person will catch 99 times out of 100. But as long as they fail to catch it that 100th time, scammers are still going to be successful phishing and your inbox will keep getting flooded.
So how do you stop it? You can’t. Phishing emails are like ants in the kitchen. You stop them coming in in one place and they find two new ways to keep coming in. You can only avoid phishing scams by remaining vigilant and not falling for them, and then putting in an extra level of protection in case you do slip up.
On the vigilance end, Google put together a fantastic quiz to help keep your phishing defensive skills sharp. Give it a run-through here: https://phishingquiz.withgoogle.com/. On the security side, since most phishing attempts are an attempt to gain your login credentials, I would recommend implementing two-factor authentication (2FA) on every account that you can. How you do this will vary from site to site, so there’s not an easy reference I can place here. But most sites you use will walk you through the process.
Stay sharp out there! Don’t let any stray Timmys into the house.