Every computer owner has heard countless horror stories about hackers taking advantage of people—no doubt some of you have experienced Internet scams firsthand. All too often, the young and the old are being tricked into giving up their credit card information, social security numbers, passwords, bank account numbers—the list goes on. But the real question for many of you is: how did it happen? How does a person or a group of people hack into your computer? Read on for the answers to these questions.
Each day, hackers deliver “the bait” via websites, email and text messages. The unknown factor is whether you will bite. If you have bitten, don’t feel bad, ignorant, or foolish. Even the most seasoned IT professionals have taken the bait before…including yours truly. So, to increase your knowledge and awareness, let’s take a look at a few of the most popular techniques.
The first method is called “spoofing.” Spoofing is when a hacker designs corporate-looking emails that will instruct you to take precautionary actions to secure your accounts. The use of corporate logos from Google or Microsoft as well as return email addresses like firstname.lastname@example.org@microsoft-support.com make these emails look very legitimate, and can easily dupe you into clicking a link that contains a virus or malware. By clicking, you run the risk of installing that virus on your operating system, which inherently puts your files at risk.
The second most common form of fraud is called “phishing.” Phishing is actually a distinct form of spoofing because it first deceives people with authentic-looking messages. However, phishing goes a step further by giving you a link to an imposter website that asks the user for sensitive account information like user names, passwords, and credit card information.
Now that we’ve established the most common forms of hacking, we come to the really useful information: how to tell the difference between a legitimate email and a spoofing or phishing email. The list below contains some useful tips:
1) Look to see if the link contains a different URL (web address).
For instance, you receive a message from FedEx that says a package cannot be delivered due to a problem, and you see a “track package” button contained in the email. Always make sure that you hover the mouse over the top of the button—it will show you the destination web address. If the link address is https://www.fedex.com/en-us/home.html, you are all good, but if it says http://grupoedres.com/lund.exe DO NOT CLICK THE BUTTON.
2) Verify the email sender’s address.
Let’s say you receive an email or text message from a friend asking you to quickly send them money because they have recently been arrested while on vacation. Instead of inspecting the email/text thoroughly, you hit reply and start a dialogue with the hacker. Most email and text applications integrate with the address book, so instead of displaying the friend’s full email address or mobile number, the phone or computer only displays their name. So how do you tell if the person is legitimate? Click on their name in the email header or text message header. The name may be your friend’s name, but it probably is not the correct email address or phone number. If there are inconsistencies in the contact information, DO NOT RESPOND.
3) The message or text contains poor spelling and grammar.
Unless you have been hanging out in Eastern Europe lately, poor grammar and incorrect spelling should be your first clue about a potential scam. DO NOT RESPOND.
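Tips 1 and 2 can also be checked automatically. The script below is an added example, not part of the original article: it reads a single-part HTML email, compares the real sender address and every link destination against the domain the message claims to come from, and flags links that download an executable. The function names, the extension list and the sample messages are assumptions made for illustration; the two URLs are the ones from tip 1.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
RISKY_EXTENSIONS = (".exe", ".scr", ".bat", ".js")  # assumption: illustrative, not exhaustive

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_text).strip()))
            self.cur_href = None

def on_domain(host, trusted):
    """True only for the trusted domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_message(raw, trusted):
    """Return findings for a message that claims to come from `trusted`."""
    msg = message_from_string(raw)
    findings = []
    # Tip 2: look past the display name at the actual sender address.
    name, addr = parseaddr(msg.get("From", ""))
    if not on_domain(addr.rpartition("@")[2], trusted):
        findings.append(f"sender: {name!r} is really {addr!r}")
    # Tip 1: the "hover" check, applied to every link in the body.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        url = urlsplit(href)
        if not on_domain(url.hostname, trusted):
            findings.append(f"link: {text!r} goes to {url.hostname!r}")
        if url.path.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"download: {text!r} fetches {url.path!r}")
    return findings

def sample(sender, href):  # builds a constructed test message
    return (f'From: "FedEx" <{sender}>\nContent-Type: text/html\n\n'
            f'<a href="{href}">Track package</a>')
PHISH = sample("tracking@fedex-support.example", "http://grupoedres.com/lund.exe")
LEGIT = sample("tracking@fedex.com", "https://www.fedex.com/en-us/home.html")
print(check_message(PHISH, "fedex.com"))
```

The subdomain test in `on_domain` matters: a plain "contains fedex.com" check would accept look-alike hosts such as `fedex.com.something.example`.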
The best way to protect yourself from these malicious hackers is to be diligent—read thoroughly and keep your virus and malware protection up to date. Trust your gut. If something doesn’t look right, don’t fall for the bait!