Consumer phishing scams targeting the most vulnerable are increasing. One reason for the increase is that these types of scams are very low cost scams which have a great return on investment. One of the online definitions for phishing is "the activity of defrauding an online account holders of financial information by posing as a legitimate company". But the definition needs to be expanded to something like "phishing scams target consumers and employees in a variety of forms to steal any personal information some of which can be used to defraud companies and people".
One indication of the urgency for educating people about the dangers of phishing is the claim by Google that 2 % of all Gmails are designed to trick people into giving up their passwords and other personal information. Ironically, 45 % of all effective phishing attacks are successful in achieving the goals. These numbers are huge and really show the number of phishing attacks that we all endure on a daily basis. Even the most experts among us sometimes fall to the well designed traps that bright criminals place in front of us.
There are a variety of terms to describe the phishing crime with a subtle distinction such as vishing and smishing which are all similar attacks designed to fool people into giving up personal and financial information which can then be used to gain access to accounts and defraud account holders.
To address some of the online phishing risks, Google has launched Password Alert in Chrome which is designed to warn people when they enter their account information into a fake website and also encourages account holders to use different passwords for different high risk accounts. Since Chrome is designed to remember passwords for the Password Alert service, it is highly likely that Chrome will be the target of hackers even though the stored password is scrambled. Also, privacy may be an issue to some people since the feature can read and change data on websites and know the email address.
You’re probably wondering what the heck is vishing and smishing, right?. Vishing is referred to phone phishing scams and SMiShing is short for SMS phishing which refers to tricks to force malicious software download on mobile devices.
Any time you are asked to click on a link in an email and a text message, or, when you are asked to download a certain software application or to fill out a form on a website, you need think more than twice to make sure it is a legitimate request. Ask yourself where did the request originate from, pay attention to the sender’s email address and don’t be fooled by the well designed look and feel of the email and or the website. Although, criminals continue to make mistakes which makes it easier for us to detect consumer phishing scams, some are well designed and conceal the identity of the sender, or even worse, change the identity of the sender to some people and businesses you recognize to make you act quickly without thinking.
The best approach is to contact the person or the company by phone and ask if such a request was initiated by them. You may even receive an email or text from a friend who is asking you to watch a video or something else. These friendly emails and texts may be spams and it’s better to ask your friends if they sent it you before you click and before it’s too late. If in doubt, delete immediately.
Read an article about spear phishing.