With phishing attempts running rampant across the web this week, I thought it would be a good time to explain what’s happening and how to keep yourself from becoming one of the victims. Users are being contacted by what seem to be legitimate partners asking them to provide their passwords. Phishing only succeeds if you let your guard down and do not follow a process before providing passwords in response to emails.
Follow these few steps and you’ll gain peace of mind when working online.
- Most (if not all) companies will NEVER ask for your password in an email. If you receive an email from a website you frequent that asks you to reply with your password, this should raise a red flag immediately. Treat online passwords like your Social Security Number and you’ll never have an account phished.
- All phishing emails will use bogus links to what they want you to believe is the legitimate website. This was very popular (and still is) for the PayPal scams. You will receive an email saying your account needs updating and telling you to follow an included link. This link will not go to the actual PayPal site, but to a fake site set up by the hacker to steal your account information. One rule of thumb is to always open a new browser window, type in the address and visit it yourself. Meaning, if it’s PayPal, open a new browser and type in ‘http://www.paypal.com’ and log in. From there it’s always good to revisit the email, see what it was trying to warn you of, and make sure your account has not been compromised.
- Change your passwords. I know this sounds like a pain in the butt, but it’s the BEST method of protecting your identity. I try to make sure I change my personal email password every 90 or so days. Even adding a character, or reorganizing a password (changing bob12jane to jane21bob) can be effective.
The current phishing scheme has affected some 30,000 accounts online this week and has included the big powerhouses like Gmail, Yahoo, AOL & Hotmail. These accounts then go on the black market, where, for example, you can purchase 1000 Gmail account names & passwords for 11 USD. With this information, who knows what the hackers can find out. Microsoft has launched an investigation into this phish, but the information that has been stolen can never be recaptured.
Gmail was quoted as saying:
“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”
The firm stressed that the scam was “not a breach of Gmail security” but rather “a scam to get users to give away their personal information to hackers”.
Today might be a good day to put idea #3 from above (change your passwords) into practice!
Take care and feel free to drop me a line if you have any questions! You people need to leave me some comments!!
