It seems like there has been a whole lot of phishing going on lately, and I have gotten a few emails that have given me a scare. Thankfully, after my heart went back into my chest, I realized that no, the CEO of the company I work for would not be emailing me from a sketchy AOL address and landing in my junk folder, and if I really had been infected with WannaCry, I would not be able to read this email that is telling me I have WannaCry. But lots of people around me have not been so lucky, and have come close to falling for, or have fallen for, a phishing email. I’m sure the day will come when it may happen to me, so I can’t laugh and wonder what’s wrong with them. It’s not like they’re a pack of Sobbing John Rempels here. They are smart people.
Aside: I wonder whatever happened to poor John Rempel. I kind of feel bad for him, since we’ve been making fun of him for almost 10 years. Kind of, but not really if his story is accurate.
It’s true, the assholes who create the phishing emails are getting sneakier and sneakier, and some are doing their research to make the emails they send as convincing as possible, but I think what’s making them so successful is lots of people don’t stop and read. They see something, panic, click the link, and…there goes another one. Or, somebody has really done their homework and sent a message that the person is kind of expecting, but again the person is in a rush, and doesn’t notice that the email is asking them to sign this “mortage” agreement for their new “hosue” and answers…and only then the red flags start to go off.
At work, the security folks sent out this video from the Centre for the Protection of National Infrastructure in the UK as part of a campaign to smarten us up about phishing and spear phishing. Basically, phishing is the term for the broad practice of sending out fake emails to lure people into clicking on things or giving out personal info, where spear phishing is a more focused version of phishing where the person doing the phishing has done their homework about their victim and has customized the email to be more convincing.
Unfortunately, the video has scrolling text that I certainly couldn’t get to read. Maybe others will have better luck. But I was lucky enough to be home with my mom, and we watched it together, so I know it’s a good video with good tips in it.
From what I can remember, the video said that everybody knows about the old “congratulations, you have won the lottery” emails, but phishing has gotten more sneaky these days, and you will get emails tailored to you. Because everything is moving so fast and everyone is busy, sometimes we miss those subtle tip-offs that this is a fake and fall for it, allowing scammers to get usernames and passwords or steal money from you. The video detailed 3 commonly-used features of these scams: they create curiosity, have a sense of urgency, and appear to come from people of authority. Basically, the video urged us to slow down and think, check the links and email addresses inside the message, and if you’re still not sure if this is real, go directly to the source of the email rather than clicking on a link in the message or replying to it. I think that was all that was in there…but if someone can capture the text from the video and give it to me to post, that would be absolutely super awesome!
Here is a quick Wired article basically saying the same thing. Aside: Dear Wired: I appreciate that you have a newsletter, but I do not appreciate being unceremoniously thrown into a dialog telling me all about it while I’m reading a story. That makes me not want to sign up for it, even though it might be awesome.
There are a couple of mentions of hovering your mouse over links and email addresses to see where they really go. Luckily there is a way to do it if you don’t use a mouse. Bring focus to the link or email address you want to check by tabbing to it. Then hit your applications key or Shift+F10 or whatever way you choose to right click on links and copy the link. Then open Notepad and paste it in and see what you got. Then you know if the link is really going to your bank or PayPal or whatever. Try it here.
Did that link really go where it said it went?
I think we all need to slow down, breathe, and not panic. Nothing is so urgent that it can’t wait 2 extra seconds to process whether this makes sense. Scammers can do their homework, but they’ll always slip up somewhere. Stay away from the phish, everybody.