Email Phishing, Passwords and Safety Tips

One of the biggest problems with having an email is getting spam, but it’s not as bad as phishing. If you think getting too much spam is a pain in the ass, then you probably know that phishing is more like a horse kicking your ass up and down while you have your hands handcuffed to a wall. Sorry to be so graphic but it can get pretty bad, so be cautious and don’t fall for the trap.

The basic habit is to try not to “always” click on a link from an email. Maybe 75% of the time you are totally fine. This can be a bit tricky, cause you get a message from a friend or co-worker with a link to a funny YouTube video or some blog/website that they want to show you, and you trust these sources. But then you get the “what seems to be normal” type of email that might be phishing… and you can’t really tell. The best way to find out is: “Don’t click on it”. Here’s a good example: Facebook, PayPal, Google, Twitter, YouTube, Amazon, your bank account at Chase, or your favorite social networking site tells you that they’re doing a major upgrade and need you to sign back in and reset your password, or that you need to click on the link and log back in to the site to get a major security problem fixed. So what do you do?

The simple thing is to look at the link and Google it, or go straight to the URL bar at the top of your browser and type it in. Don’t click on shit and don’t click on something automatically; type in the URL or use bookmarks so you can go straight to those sites that require a login and password.

One simple way to check if the URL might be fake is to hover over the link with your mouse: you will notice that the button doesn’t go to the right link.

Take this example of a “respond now” button on eBay; this could just as well be Amazon, your bank account, Facebook, etc. When you hover over it, the bottom of the browser window shows where the link really goes. So you might see something shady like www . sign-amazon-com-very-safe-com.com for a fake Amazon website that is trying to steal your password. These assholes are getting pretty good, especially when they have realistic images and even know your username or preferences.

I have had a few occasions when some company sent me a major emergency problem and they wanted me to reset my password with a link.  I went to the website directly without clicking on that link from the email, logged in normally and nothing happened, no warning, it was a false alarm, and so I reported it on Google.

You might see this message if you are using Gmail. They warn you of phishing and sometimes even if something is suspicious.

Here’s an example.

In this case, it was a person that never sent me an email before, but I talked with her on the phone and did not have to report phishing. However, I do have a pretty good internet security program that warns me of bad links or prevents my computer from getting compromised. So how do those phishing assholes still manage to get away with phishing, and why does it never stop? Well, good question. I see it as a virtual world and the scam artist is taking everything to the digital world.

Take this photo for example:

This is a basic movie/film set, but if you look at it from the phisher’s or hacker’s point of view, it’s not much different from a person pretending to work behind a building, as long as you don’t see what’s going on behind the doors… in this case on the side. The front/face of the email looks normal, the links look great and you’re getting mail from a trusted source. All it takes is one password and they can get all your data. This is a nightmare for everyone, so make it a habit not to click on every email link but to go to the actual website instead. Sometimes the website you are searching for can also be bad. Usually, you can go directly to a trusted source like google.com or amazon.com cause they are pretty good about security.

The only time that it will make the most sense to click on a link is when you actually forget your password from the website you are visiting and you choose to reset it.  In that case, you should get an email within 0.5 – 3 minutes. That email will usually be time sensitive and expire within an hour or less depending on the company.

There are lots of free website scanners that can actually check if a site is bad before you even click on it. Wikipedia has a good article on phishing and I’m actually being a bit hypocritical cause I’m going to add the link here. Don’t click on it cause it might be a bad link that will take you to a nasty website. Actually it won’t, but I think it would be kind of funny if I did link it to some perverted non-malicious website, omfg, lol. Ok, moving forward: these problems are serious and they have multiple names like clickjacking, confidence trick, internet fraud, typosquatting. There are different variations of malicious and dangerous forms of illegal internet activity, and links in your email are something you should always be very careful about.

There are a lot more security warnings and issues that I could probably talk about all day long, but I’ll try to keep it simple, so here are a few more tips.

1.  You need to have a strong password. Don’t be lazy.
2.  You should change your password every year if possible.
3.  As much as possible, try not to log in to your bank account or websites with financial data (eBay/Amazon/shopping sites) while using public wifi.
4.  Never save or store your password on a public computer (if you feel uncertain, change your password).
5.  Always cover your pin pad as much as possible even if nobody is around; cameras are always around you… that includes the ones that are not supposed to be there.
6.  If you have your passwords written down in a notebook or notepad, leave it in a safe place. Do not carry it around with you in public areas or leave it someplace where it will be unattended.
7.  Don’t use any sequence/pattern of numbers from the last four digits of your phone number, your address, and/or your birth date.
8.  Turn your NFC off if you have that active on your smart phone and are not using it.
9.  Try to make it a habit not to store or save your bank or financial passwords on any of your devices or computers, but remember them mentally. I can understand that having the username stored on everything saves you a lot of time, but keeping a few passwords stored in your human memory might be a safer option.

 

 
