Don’t fall victim to phishing scams

As more people share more information online, the risk of falling victim to phishing schemes has grown, especially as these tactics become more advanced. Phishing is defined as “the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.” A report from 2014 states that the worldwide impact of phishing schemes could be as high as $5 billion per year. As people trust the internet more and more, they forget about the dangers that come with it. A statement from Prakash Kumar, a national technology officer for Microsoft India, touches on this: “The Internet touches our lives every day, whether we are communicating with loved ones, for work, shopping, and paying bills. But how cautious are we about monitoring our online presence, and taking note of our own vulnerabilities?”


Over time these schemes have gotten more advanced and more difficult to identify. Links can now be disguised so that the URL appears reliable unless you look at it closely. If you do not preview a link by hovering over it with your mouse, you can end up on a dangerous website. Most mobile apps do not allow you to hover over a link, so phishing links there are more successful in getting people to click. Even though spam filters try to keep these emails and messages out of your inbox, more advanced technology has made it easier to disguise the sender.

Netflix is one of the more recent companies to have a phishing email sent out in its name. The email tells users that there is an issue with their account and that they need to enter their credit card information. The website uses Netflix logos, further enticing people to enter their information on what they believe is the Netflix website. This scam has been going on for months and has yet to be stopped because it is advanced enough to pass through most spam filters. This is dangerous for the companies whose names are being used because they lose the trust of their valued customers. Below is an image of what the website looks like. It is so realistic, which is why the scam has been so successful.

Netflix-Phish-Inline.jpg

These scams are moving from emails to social media sites: people acting as fake customer service reps on Twitter, fake Facebook users friending people and commenting links, promoting online discounts, etc. Even though we often think of ourselves as smart internet users, as the technology behind these scams becomes more advanced they become harder to recognize.

We’ve talked in class about how so much more of the “customer service” aspect of companies has moved to social media. Many people post about their experience (positive or negative) and there is an expectation that the company will personally respond. Unfortunately, this has created a perfect opportunity for scammers to pose as these customer service experts, hoping to get you to share personal information. This new type of phishing is known as “angler phishing.” Unfortunately, many people do not even realize they are falling victim to this because of how realistic the usernames and websites can be. This often forces brands to reimburse customers for the damages and further incentivizes them to protect their brand image.

image.png

While we might not think leaving our profiles public makes us more vulnerable, it means that all the seemingly trivial information we share can be used against us. Similar to how advertising has become more targeted because of things like cookies, phishing techniques have also become more personal because scammers are able to gather information from your social profiles in order to make the bait more personal. Some hackers will even clone a friend’s profile in order to gain more access to your personal information. With so much content and so many users on these social media platforms, it is hard for the platforms to keep up with these scams and protect their users. Instead, a lot of that burden falls on the users themselves.


Unfortunately, even years after these scams have been circling the internet they are still successful. Here are 5 common signs you might be scammed:

  1. Your account has been disabled or suspended
  2. Irregular or fraudulent activity detected
  3. Online retailer scams
  4. Fake pop-ups
  5. Taxes

So what does this mean for both consumers and retailers? Retailers are relying on customers to trust them: the less trust, the less likely customers are to make a purchase. This can be very costly, as many brands feel the need to reimburse any losses incurred through a scam with their name attached to it. Consumers are also required to be more careful when entering or posting sensitive information online. No matter how careful you think you’re being, there are probably more precautions you can take. If something seems too good to be true, it often is.

With Cyber Monday right around the corner, here are some tools to not get scammed.

10 comments

  1. This was a really great post! Phishing scams are definitely one of the greatest threats to cybersecurity that consumers are now facing. It is very alarming to see the phishing scam that is going on right now with Netflix. Even as an avid Netflix user I don’t think that I would have recognized that that website was a scam, and I am aware that phishing is an issue. Individuals that are unaware that phishing takes place are even more vulnerable to falling into a scammer’s trap. My grandparents recently almost fell into a similar scheme, when they were contacted by the fake “IRS.” What is the government doing to prevent/stop these scammers from doing this, if anything? It’s essential that the government cracks down on these scammers sooner rather than later, as the longer they wait, the more information they will have – making it even harder for us to stop them.

  2. Awesome post on a really important topic! I think that phishing scams are very important to know about for everyone, especially with the increased use of social media in the past decade. In my internship this past summer, I had to take many online training courses on the dangers of phishing; however, they were mostly focused on phishing scams via email. It’s good to know that these scammers are turning to websites like Netflix and social media platforms to try to scam you into releasing important information. In addition, kids are using social media more than ever. Since most kids won’t understand what a phishing scam is, I think it is really important that we begin to educate all social media users about these scams. In addition to what @alyssacasale4 said above about the government cracking down on the scammers, companies should join in on the efforts to minimize the risk of phishing scams. I also think that higher ed institutions like Boston College should take measures to help their students avoid phishing scams.

  3. Interesting post! I think this is an important topic that tends to get overlooked by people our age. We are way more trusting than our parents when it comes to giving out confidential info online–I never really hesitate to enter in my credit card info when making an online purchase whereas my mom is always skeptical. It is definitely also true that as tech gets more advanced, hackers are advancing in their phishing tactics, making a scheme almost undetectable–I wasn’t aware of the Netflix scam and would have definitely fallen for it. I agree with the above comments that the government needs to crack down on this issue, which reminds me of the article we discussed in class about the government adding a cyber reminds me of the article someone shared on Twitter about expanding the Peace Corps to cyberattacks/hacking. New tech brings a lot of exciting advancements, but we need to be wary of possible threats that come along with it as well.

  4. Really interesting post. I am surprised that companies are willing to reimburse customers for these schemes, and I wonder to what extent they will be willing to do this if the problems become too large scale. Just as credit card companies are shifting the financial responsibility of fraudulent activity to customers, I wonder if companies will soon shift the responsibility to their customers to detect these schemes. I think this issue is especially prevalent for the older population. Since they are less familiar in knowing how to detect suspicious activity online, they are much more prone to falling victim to these schemes. My grandmother got a call that the security of her computer was at risk and was tricked into sharing her screen and passwords with a stranger trying to take advantage of her lack of tech savviness. I hope that companies are soon able to develop better spam filters to keep up with the more advanced method of phishing schemes.

  5. Really interesting post. I agree that this is becoming an increasingly important problem. People are getting more intelligent and developing more advanced phishing schemes and people our age are so trusting. We’ve grown up using the internet and never really had to make that trust leap because people had been putting sensitive information on the internet before we ever could. Also, 99% of the things online asking for passwords and information are safe. Therefore, it’s incredibly difficult to recognize phishing schemes. It will be interesting to see how much worse it will get and what companies and individuals will do to further safeguard themselves against these schemes.

  6. Wow, to me that Twitter reply one was the scariest. I’ve really never received anything that looks as well done as the examples you give above. What I’ve noticed is that older people are more likely to fall prey to these phishing scams (because they didn’t grow up with a lot of the technology like we did). But, you make a very valid and concerning point that these scams are only going to get better. Fortunately, there are active steps we can take in order to not fall into these traps.

    What concerns me more than phishing is hacking. Cyber security has become an extremely hot topic, and rightfully so. As we put more and more of our personal data online, the risks continue to increase exponentially. We’ve seen a plethora of massive companies hacked in the last few years; even governments are being hacked. It’ll be interesting to see how corporations and governments go forward into the age of Cyber warfare.

  7. I’ve been around the block for a long time for Internet scams. I have to admit that even I sometimes have difficulty telling the real thing from the scams (and usually I doubt the genuine one, as opposed to falling for the phishing account.) I do think this is a real problem that will wax and wane over the years.

  8. Really great post, Hilary! Thanks for sharing such important information with everyone. Phishing is such a big problem in industry where many people have trouble telling the difference between scam emails and legitimate emails. The firm that I worked at this past summer ran “test” phishing scams in which the IT department would send their own phishing email out to employees and then, if the employee clicked the link, it would take you to a site that explained why you shouldn’t click on links like that. It was brilliant and really helpful. The firm used Google Apps for Business so the emails looked exactly like those that you’d get from Docs or Sheets when someone shares something with you. I think the best thing we can do and educate others to do is to think skeptically of incoming emails and be sure to vet the link before clicking on it.

    1. We had this at my company over the summer as well! Working among 65,000 employees, I appreciated the extra effort our IT department put into educating our employees on online security. I’m glad to hear other companies are being proactive in this effort as well.

  9. Awesome post Hillary! I work at the Help Desk in O’Neill, and we’ve had more than our fair share of customers that come in after falling for these exact types of phishing attacks you’ve outlined. I wasn’t familiar with imposter customer service reps on Twitter prior to this post, and perhaps that’s the biggest takeaway I have from your blog, and also the scariest example! As you might recall, last semester, there was a Google Drive phishing attack going around BC’s campus, and if you clicked the link in your email, you gave a malicious third-party full access to your BC Gmail account and they’d spam everybody in your contacts with a link similar to the one you first clicked on. Google thankfully removed the third-party app, but it goes to show how vulnerable we still are despite our knowledge and self-awareness of online security.
