Gone Phishing, Don’t take the (Click) Bait

In the past, I have taken a month off from my Third Thursday newsletter to take a vacation. The title of this month’s article may lead you to believe that I am taking another vacation and going fishing. Nothing could be further from the truth. Read further to learn how to not take the click bait.


I recently received an email from a legitimate source. I knew the sender and I was expecting the person to send me a document. But something struck me as odd when the attachment was named “Report Results.” What I was expecting had nothing to do with a report. Rather than click the link, I called the person and asked if they had sent me the email. They had not. Notice I picked up the phone, and did not merely hit reply.


The email I received was not from the person I was expecting, but instead was an attempt to trick me into providing personal information. Such emails are known as “phishing” schemes. Phishing is defined as the fraudulent practice of sending emails purporting to be from reputable sources or companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. As the title suggests, don’t take the click bait.


How to identify Phishing attempts

Internet scamming has gotten much more sophisticated, and emails can look like they are from colleagues or trusted companies. You must slow down and pay attention to the emails you receive. They are meant to look as convincing as possible. And let’s face it, most people click anything which is put in front of them. Carefully review the message of the email as well as the exact sender. These can provide clues. When in doubt, call the sender and inquire. Simply state, “My office never opens unfamiliar or unexpected attachments or links. Please provide further detail on what you are sending.” Our office has an Internet Procedure Rule which includes this advice. We’re all busy, and it is easy to get hooked and swallow the bait.


Why did I receive a Phishing attempt?

Phishing is fun – for the bad guys. Once they gain access to someone’s account (that is, once that person has fallen for it), they send out the same phishing scam to all the Contacts in the account. That way, their phishing attempt will come from what appears to be a legitimate source, one of the recipient’s own Contacts. In my case, the phishing attempt came from the Contact folder of my colleague, who had herself fallen for a phishing scheme. Once you click on these fraudulent emails, the phishers access your contacts and send emails out to all of them, in an attempt to fool more people.


You won’t even see it coming

You may not even realize you have fallen prey to a phishing attempt. Often, you will receive numerous phone calls or emails from people on your contact list asking if you sent them the email. Or, you may receive many undeliverable emails in your inbox. These are all good indications that your account has been compromised.


Am I responsible?

If you fall for a phishing scheme, unfortunately, you will be responsible for the consequences. It is not much different than if you were to give your car keys to a stranger who you knew would do illegal things with your car. Some may have sympathy for you since everyone has been in the same situation, but that doesn’t get you off the hook.


What if you get hooked?

If your account is compromised, there are several things you should do, immediately. First, you should change your passwords. This is good practice anyway, but once you have been hacked, you need to change your passwords as soon as possible. If it is a business account, you should call your IT consultant.


What to do to prevent being caught

There are a few other proactive things you can do to lessen the chance of a phishing attack. First, purchase antivirus software which also monitors email. Many people do this already; the antivirus software will flag some emails as suspicious. Next, closely examine all emails you receive and be careful before clicking on any attachments. Never click on an unfamiliar attachment. Look for the sender’s actual email address, not the name they use for it. For example, if you get an email which appears to be from Microsoft but the return address is @repair.microsoft.ru, you can be assured this did not come directly from Microsoft. If there is a hyperlink to click, you can hover over it and it will tell you where the link will take you if you click it. These are easy to spot since the URL of the hyperlink typically bears no relation to the content of the email. Don’t click these links and take the bait. Finally, you should make sure all your software is up to date. Software updates are important, especially operating system updates, since they often patch vulnerabilities. When hackers find a way into a system through a phishing scheme, often the software developers will fix that vulnerability in an update. So, keep your software up to date.


Go Fishing and Avoid Phishing

Hopefully this article has provided a little warning about the dangers of opening attachments or clicking hyperlinks in emails. Take it easy and carefully review what you are receiving in your inbox. When in doubt, inquire further. If you have a topic you wish me to address in the future, please feel free to contact me.