In The News‎ > ‎

Phishing update

posted Jun 20, 2014, 8:09 AM by Craig Cox   [ updated Jun 20, 2014, 8:09 AM ]
In an article in CSO Online magazine, author Stacy Collett gives a good outline of modern (and vile) phishing tactics.  Some of the highlights:
  • Depending on where they get your information, scammers may have both your email and your phone number.  They can therefore follow up a scam email with a phone call, asking you to open the attachment.
  • Scammers are using robocalls, automating the pitch on the phone like they do through the email.  Posing as your credit card company, they'll ask if you bought a big ticket item, and then ask for your credit card details in order to "fix" the phony problem.
  • If one of your health care providers suffered a breach, scammers are not above lacing a scam email with accurate health care information to fool you into thinking they're really your insurance company or HR department.
  • In a new twist, scammers have begun compromising the web sites of funeral homes.  They will then send you an email stating that some close friend or relative has died, with a link to the obituary on the compromised web site.  Clicking through to the funeral home web site (which was a perfectly legitimate business before it was compromised) infects your computer.
Defenses haven't changed, though.  The short story on beating these scams:
  • Be skeptical of claims made in unsolicited email and cold calls.
  • Don't let yourself be emotionally manipulated.  This is the scammer's way around your good common sense.
  • Watch for communication from "your bank" or "your store" or "your HR Department" -- such organizations should name themselves up front.
  • If you're unsure about the legitimacy of any call or email, contact the alleged sender separately.  Your credit card has an 800 number on the back of it.  Your bank statement should have a phone number on it.  Call and ask -- "is this for real?"
As always, if you'd like an in-depth discussion of these kinds of tactics, how to recognize them, and what to do about them, please contact me to set up a talk with your student, faculty or staff group.  These are provided for free to the college community.