The Surefire Trick to Avoiding Holiday Phishing Scams

Holiday phishing scams are nothing new — Americans just keep forgetting to be on the lookout for them.

Every year I dedicate a column to the scams of the holiday season, and every year the roundup gets bounced around the internet — all too often among friends who’ve been scammed. (For a rundown of what’s out there, check out last year’s post.)

So what’s new this year? Unfortunately, not very much.

There’s the latest holiday phishing scam, I guess. But really? It’s about as surprising as the President-elect’s reaction to Alec Baldwin’s impersonation of him on Saturday Night Live.

An email arrives telling you that there’s been a shipping problem with a gift item that you ordered online. In this particular ploy, there’s a link embedded in the email message that takes you to a bogus site that looks exactly like a real one that many people use for their holiday shopping. It doesn’t particularly matter which site. What matters is that the link leads to a page that doesn’t just look like the site. It is a perfect replica.

Sounds like every other phishing scam, right? Well, that’s the point of this year’s holiday scams column, folks. So, why are we still falling for these things?

It’s simple. Most people still don’t consider phishing scams to be a part of everyday life because most people have busy lives. If you live in an area where mosquitos spread the Zika virus, you’re hyper-aware of when they’re around. We all live in a phishing hole, yet we’re not constantly on guard against the various kinds of bait scammers throw out there — even though the damage caused by ransomware and other kinds of malware can be very serious.

It doesn’t matter how many times I say this. Most people don’t think scams are as ubiquitous as they are, and as a result, they tend to forget about them while they are going about their daily business. If only they kept malware and the constantly evolving delivery systems that bring it into our homes and offices top of mind, scam artists would quickly have to come up with a new game.

So let’s go back to this latest holiday phishing scam. How can it be avoided? You just have to look at the web address. But not the way your kids look at you when you ask them to do something. I mean, REALLY look at it. The only thing that’s different on this new scam site is the URL.

There is a reason people never remember this. Scammers are smart, creative and persistent.

Social Engineering

Social engineering has nothing to do with any sort of “brave new world” scenario. It describes the hacker’s skill in the area of psychological manipulation.

The hacker’s exploits all work on emotion. In some cases, they will have gone on social media and figured out who you’re friends with. The next step is to send an email — either using your friend’s hijacked account, or just their name. You’ve seen these emails before. Your friend is on holiday and lost their wallet, or asks if everything is all right between you and your partner because they saw a picture (click the link and tell me, that IS your husband, right?). Maybe someone from college found a hilarious picture of you. The gambits are clever, playing on various emotions — fear, jealousy, curiosity.

The URL of a bogus site is something you might not notice this time of year because you are completely freaked out that a package is not going to arrive on time and someone’s holiday will be ruined. While you are still rattled, you are provided with a link and instructed to enter your name, address and credit card information. When you do that and hit send, the page redirects to the real site, and the scammer is given all the ammunition necessary to go on a shopping spree.

Reverse Engineering

The solution here is simple. Social engineering is only possible in a world where people don’t know they’re being targeted.

The first order of business is to remember you live in the phishing hole. You need to get into the mindset that you’re always one click away from getting got. As I write in my book, SWIPED: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves, there are some very good tactics for avoiding scams, like going directly to websites in lieu of clicking URLs in emails, calling companies to verify they’re trying to contact you and refraining from over-sharing on social media.

If you believe you’ve been the victim of a scam, don’t brush it off. Monitor your credit report for signs of identity theft — mysterious addresses, unknown accounts opened up in your name. (You can do so by pulling your credit reports for free each year at AnnualCreditReport.com and viewing two of your free credit scores every 14 days on Credit.com.) Report any fraud to your local authorities and the Federal Trade Commission.

Also, help others avoid scams. Talk about the threats out there with your friends and family (even strangers on a bus) because public awareness is the only inoculation against the viruses and malware that are spread through phishing email.

The post The Surefire Trick to Avoiding Holiday Phishing Scams appeared first on Credit.com.

Gone Phishing? How to Talk to Your Kids About Malware

Picture this: The car is full. You’re navigating by the side mirrors while doing a mental inventory of everything you packed and wondering if you are going to make it to the realtor’s office in time to pick up the keys for your vacation rental. You have absolutely no idea what the kids are doing in the back seat.

Now forget the massive distraction of that summer road trip and consider the bigger picture. It doesn’t matter how old or worldly they are, or how ridiculously up in their business you are. You can’t know what your kids are doing every second of the day. And just like a good cops and robbers game, better surveillance only creates better criminals — which means your child will need to be all the more careful when your eyes aren’t directly on them.

While most of us have learned over the past few years to ignore the lures and snares of malware propagation — whether they come via app, Facebook post, email or text — no one is perfect, and kids may not understand the big picture well enough to avoid the hazards without some guidance.

The big picture is simple: There are criminals out there — more than you can imagine — whose day job it is to get enough of your personally identifiable information to steal goods and services in your name or crawl into your bank account and drain it; in other words, to commit identity-related fraud.

Your first job is to get this across to the children in your life: Criminals can use their information — personal details like birthdays, addresses, family names — to steal things — and those criminals do this by tricking kids into providing that information.

Yes, You Really Need to Have That Talk

Remember the toddler years when things went missing — car keys, credit cards, stock certificates, crown jewels — only to resurface during a weekend excavation of their play space or in the back of a sock drawer? Teens and tweens aren’t much better. They lose house keys and car keys too; they forget where they parked the car, smartphones disappear, and so on and so forth.

The bottom line here is that kids are strangers to two key concepts that help put a layer of protection between you and online scams aimed at separating you from your personally identifiable information.

While it’s true that focus and impulse control aren’t exactly something adults just magically acquire with age, when it comes to younger people, it’s an oxymoron. This is something that needs to be discussed, notwithstanding all the eye-rolls and sighs. That lack of impulse control is what makes phishing and other malware scams work.

Phishing attacks succeed or fail depending on a number of factors, but the main one is the target’s distraction level. Kids are not always the most mindful among us. This makes them targets for phishing scams.

Forget the Helicopter Routine

The very best advice I can give you here is to set strong “Do Not Cross” lines for them from the very start. Use examples of things that have gone missing, or days that have been horrible because of distraction, to start the conversation.

Tell them that real-life risk includes things digital, especially with regard to their personally identifying information. Have a basic rule: If you are asked for personal information, check with a parent. Explain some common tactics used by phishing scams. For example, popular websites and services do require updating, authorizing or validating an account. It’s a real thing, but scam artists use it to get personal information. All such requests should raise their level of concern.

Set a basic rule here: Only adults can provide payment information, or troubleshoot an account that has asked for information.

Tell them to watch out for websites that are almost right: If you follow a link that was sent via email or text or that was posted on a social network and something looks a little wrong, leave that site immediately.

Phishing scams often create sites that look like the real thing, but there are little differences here and there. That said, sometimes the only way to detect the fraud is by looking at the URL. Many scam sites will spell it a little differently, but just barely so.
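The "REALLY look at the URL" check that both columns recommend, written out as an added example (not part of the original posts): it classifies the host a link actually points to against a list of stores you use. The domain names are constructed placeholders, and treating the last two labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist of stores the shopper really uses (placeholder domains).
TRUSTED = {"acmegifts.example", "fastparcel.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host a link leads to."""
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lowercased
    if not host:
        return "unknown"
    labels = host.split(".")
    # Assumption: the registered domain is the last two labels (no suffix list).
    registered = ".".join(labels[-2:])
    if registered in trusted:
        return "trusted"
    # Punycode labels can display as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    for good in trusted:
        brand = good.split(".")[0]
        # The real name used as a subdomain of, or glued into, another domain.
        if brand in host:
            return "lookalike"
        # Spelled "a little differently, but just barely so".
        if edit_distance(registered, good) <= 2:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://www.acmegifts.example/orders/123",
                 "https://acmeglfts.example/track",
                 "http://acmegifts.example.order-help.test/login"):
        print(classify_link(link), link)
```

A "lookalike" result is the cue to close the page and type the store's address yourself; "unknown" only means the host resembles nothing on the list, not that it is safe.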

Today’s kids know more than their parents about a dumbfounding array of topics that would make the most hardened politician blush. But unfortunately they may be even more vulnerable to phishing attacks, and it’s your job to keep them out of the shark tank.

The post Gone Phishing? How to Talk to Your Kids About Malware appeared first on Credit.com.