by Shawn D. Stewart

Phish Phinding (and Avoidance)

OR You Think I’m Gonna Bite That?

Phishing, Smishing, Vishing – Sounds like a Lewis Carroll nursery rhyme.  Learn to identify and avoid these all-too-common hacks to keep your identity, your data, and your money safe!

Phishing For Phools – Phishing attempts are those annoying emails that appear to be legit, but in reality are scams.  They are pushy, like a seedy used car salesman, urging you to hurry, because your password or account is locked.  Money is at stake.  Some of them look very convincing.  Practice, a keen eye, and a few seconds to breathe can save you a boatload of trouble.

A Bad Example – In this example, “Amazon” wants me to click the link and change my password because someone in California tried to access my account.  Let’s see if you can spot all the problems with this:

A Really Bad Example – Now this one comes in a bit more realistic but even then, there are hints that it is invalid:

A Keeper – Now, here is one that is real.  How can we tell the difference? 

False Positive – What happens when a legitimate email comes through but is so poorly written, we refuse to believe it?  Here is a false positive that, even though I know it is valid, I still deleted it, because they didn’t know exactly who I was:

Smishing – It’s short for SMS Phishing, hope that helps.  You know technical people, always looking for mashups.  These are mostly advertisements, but you need to be cautious.  NEVER click a link you receive in a text message on your phone.  Your mobile devices are less secure than your computer.

Vishing – The Social Security Administration and the IRS called me last week demanding money or I would go to jail…the guy was obviously in India with many others speaking different languages.  Social engineering attempts are growing and growing more clever.  But I had the best one yesterday.  A toll-free number called from “Comcast Xfinity” saying the network was down but if I provided my password, they would give me secondary access on their WiFi for free!  I was on my laptop when they called and on the Internet, so I responded rudely and hung up.  Doubt any call you get claiming to be a government agency or corporation asking for money or personal information.

Blocking Options – Unfortunately, the Feds failed with the universal no-call list.  Why?  Criminals don’t follow the rules, go figure.  What I have noticed is that most calls are from free services, such as Google Voice.  Some calls come from hijacked corporate phone systems.  The answer?

Cut the Line – We still have a phone line in our house.  However, it is through a VoIP service that allows blocking of any suspicious or blocked number from the national registry.  What is that national registry?  It’s their own.  An actual “national registry of annoying schmuck callers” doesn’t exist yet.  Even if it did, the schmucks would just find new numbers to use.  I’ve already said we should consider removing email from our lives.  Perhaps it’s time we do the same with phone service.  It’s a thought.

Whitelist Addresses – Wanna get into the weeds?  Create a whitelist of those people, email addresses, and phone numbers that can reach you.  You can literally block out everything else unless you choose to add them.  This could lead to missing someone you might want to speak to, such as a legitimate service you want.  But it is the only way now to block out all the schmucks.  

When In Doubt – If the IRS wanted to talk to you, they know where you live.  Never rush into anything, whether in an email or on a phone call.  If there is doubt, reach out to the person or organization on a known-good number or email address.  Better safe than sorry.  Don’t be afraid to disconnect the call or delete the email.  If it is important, they’ll reach back out.

When did simple communications become a minefield?  We keep believing the old lie: computers and mobile devices make our lives better.  For business productivity, maybe.  For general human life, not so much.

We are all in this together. 

Want to see an article on a specific subject?  Need help?  Reach out. 

Shawn D. Stewart

Mr. Stewart has 25 years of experience with hundreds of international, commercial, military, and government IT projects. He holds or has held certifications with ISC2, Cisco, Microsoft, CompTIA, ITIL, Novell and others. He also holds a BS in IT, a Minor in Professional Writing and is a published author. He is scheduled to complete his Masters in Cybersecurity in August 2021.
