I seem to be the person my family goes to to check out suspicious emails or websites or news items shared on social media. Anytime a story or email smells a little bit “off”, it gets sent to Uncle Mark to check it out.
I want to talk today about “Phishing.”
Phishing is defined by the RCMP as e-mails, text messages and websites sent by criminals that designed to look like they come from well-known and trusted businesses and government agencies in an attempt to collect personal, financial and sensitive information. I figure that it can’t be that profitable. Or if it is, it could be a lot more profitable.
It just seems so easy to spot most phishing attempts. Why wouldn’t the perpetrators hire a proofreader to make their email more believable?
Let’s look at the subject lines of some actual pieces I have received over the past week:
- Congratulation’s!! [from “MICROSOFT® (UK. Regional Office)”]
- Please update your Apple ID is disabled for security reasons. [from “Apple Helpdesk”]
- Recent suspicions activity on your online account [from “Wells Fargo”]
Some get the “Subject” line right, but fail on the body:
- Dear Bell Customer, We are sending this email to let you know that your credit card has been expired.
- Please check and forward this email to all employee’s [with zip file attached]
- Please check this documents and let me know your thoughts [with zip file attached]
- Royal Bank Of Canada: Dear Valued Customer/Client , Our records show your banking profile informations are inconsistent or outdated to this end we request you to kindly verify or update your banking informations to ensure service stability.
Those are a few examples of why I figure phishing can’t be that profitable. Just imagine how much more convincing they would be if the crooks could actually gain some literacy skills. Or how much less successful they would be if the victims were able to spot the grammatical errors.
Or maybe the bad guys are consciously targeting people who just weren’t paying attention during their spelling and grammar classes. Are you smarter than a 5th grader?
Phishing is a serious scourge that reduces trust in e-commerce and digital communications. As the RCMP website suggests,
- Be suspicious of any e-mail or text message containing urgent requests for personal or financial information (financial institutions and credit card companies normally will not use e-mail to confirm an existing client’s information).
- Contact the organization by using a telephone number from a credible source such as a phone book or a bill.
- Never e-mail personal or financial information.
- Avoid embedded links in an e-mail claiming to bring you to a secure site.
- Get in the habit of looking at a website’s address line and verify if it displays something different from the address mentioned in the email.
- Regularly update your computer protection with anti-virus software, spyware filters, e-mail filters and firewall programs.
- A number of legitimate companies and financial institutions that have been targeted by phishing schemes have published contact information for reporting possible phishing e-mails as well as online notices about how their customers can recognize and protect themselves from phishing.
- Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
As an industry, we need to do more