Cybersecurity is a hot-button topic lately. With the rumors of Russian infiltration into the United States Presidential election, and the exposure of private emails and photos onto sites such as WikiLeaks, the privacy that we covet online is becoming increasingly endangered. With the recent phishing scam going through Google Docs, it is imperative to remember the necessary steps to take online in order to ensure that you are not a target of a scam. First, let’s review what online scamming/phishing looks like, and the ways to spot one.
The most likely scam that you will encounter is a phishing email that can be sent to your accounts. Phishing is defined by the Merriam-Webster Dictionary as “a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly.” An email may look legitimate with logos and graphics, but that does not mean that it should be taken at face value. For example, banks have taken a stance against phishing by only allowing account actions to be completed through their own websites or at a physical bank location. Your private bank will never ask you for passwords, social security numbers, account numbers, routing numbers, or any other private information via email (Telegraph.co.uk). Be on the lookout for emails that inform you of account changes or updates; if you did not authorize changes, immediately report this issue. The best course of action to protect yourself if you feel that you have been targeted by a scam is to document as much as you can with photos, emails, and phone calls. If an email that seems suspicious comes into your inbox, call the company that supposedly sent it and ask about the email. Taking the initiative to validate the email before responding is one of the best ways to protect yourself from online threats. So what happened in regards to the Google Docs scam that went viral last week?
Gmail users were sent a notification from a known contact to click on a shared Google Doc. In order to access the document, the users had to authorize a transfer of contact information to the sender. Since the sender was perceived to be a friend or family member, there was little hesitation to allow this authorization. Routing the doc through an unauthorized Google Docs app prompted the Gmail user to allow the application to take control of their email information as a “management” tool (BGR.com). As a result, any personal information attached to contacts was downloaded and stored. Google reported shortly after this spamming went viral that over one million accounts were potentially compromised and the unauthorized application was shut down, as well as the email accounts that were the source of the scam. Information from email accounts linked to sites such as iTunes, Amazon, Twitter, and Facebook was the most vulnerable to this scam. Any users who had encountered this phishing email were asked to change their emails and passwords immediately. An interesting thing to note is that a majority of these emails were addressed to “email@example.com” (Forbes.com).
One of the first things that you should look for when it comes to identifying phishing emails is the sender’s name, the name that they have addressed the email to, and the language they have used. If there are typos, or if the language is not clear, that should be your first indication that the email in question is not valid. Most often the email address of the sender will look like an official domain, but there could be minor differences such as a period between words, or a domain extension from another country such as “.ru” or “.br”, which can be easy to miss. If links are provided in the body of the email, hover your cursor over them and the destination for the link should pop up. If an IP address comes up instead of the domain name, then the link could be fraudulent. Another item to look for is the tone of the message. If you receive an email that has a threat such as closure of an account, that tone is your best indication that the message is fraudulent. A good source of examples for phishing and how to avoid them is the U.S. Securities and Exchange Commission website, which also lists the information for phishing phone calls and how to report phishing activity.
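The checks described above (a sender domain that differs slightly from the official one, a link whose destination is a raw IP address, and a threatening tone) can also be automated. The following Python sketch is an added example, not part of the original article; the function names, the phrase list, and the sample message are constructed for illustration, and `mybank.example` stands in for the real company's domain.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed phrase list for the "threatening tone" check; extend as needed.
THREATS = ("account will be closed", "account has been suspended")

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_ip_host(url):
    """True when the link's host is an IP address rather than a domain name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def phishing_indicators(raw_email, expected_domain):
    """Return a list of warning signs found in a single-part HTML email."""
    msg = message_from_string(raw_email)
    findings = []
    # Check 1: the sender must be the official domain or one of its subdomains.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain != expected_domain and not sender_domain.endswith("." + expected_domain):
        findings.append(f"sender domain {sender_domain!r} is not {expected_domain!r}")
    # Check 2: the automated version of hovering over each link.
    body = msg.get_payload()
    collector = LinkCollector()
    collector.feed(body)
    findings += [f"link goes to an IP address: {h}" for h in collector.hrefs if is_ip_host(h)]
    # Check 3: threatening language in the visible text.
    text = re.sub(r"<[^>]+>", " ", body).lower()
    findings += [f"threatening language: {p!r}" for p in THREATS if p in text]
    return findings

# Constructed sample message (not a real email); 203.0.113.7 is a reserved documentation address.
SAMPLE = """From: "My Bank" <support@my.bank.example>
Subject: Account notice
Content-Type: text/html

<p>Your account will be closed unless you <a href="http://203.0.113.7/login">verify your details</a>.</p>
"""
```

Calling `phishing_indicators(SAMPLE, "mybank.example")` reports all three warning signs for the sample message.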
Taking that extra moment to evaluate an email is your best line of defense in keeping your private information safe. Make sure to update your email passwords and delete unwanted or fraudulent emails as soon as possible. If you are interested in how online security works, and want to learn more about protecting online identities, think about the possibility of a career in Cybersecurity. This field is growing fast and will be a lucrative degree option long into the future. Call Coleman today to schedule an appointment and speak with an admissions counselor at (858) 499-0202 Monday through Friday.