It has been three years since our blog on safeguarding your personal information. [1] This new blog focuses on one specific topic, phishing, that has become more deceptive and more aggressive. In 2021, the FBI received more than 300,000 complaints about phishing attacks, up 30% from the previous year. Fraudsters are using various techniques to mislead people via email, text or phone calls.
Warning: any time you are the recipient of a request for personal information, banking or credit card information, money, or a gift card, be extremely cautious as you may be the target of a phishing expedition.
The following are some phishing examples. You have probably seen some or all of these on television. You have likely already been the target of a phish. [2]
- Threats and requests for immediate payment. Fraudsters are sending threatening emails or texts and sometimes calling directly. Because the fraudsters have your personal information already, the communication may seem to come from someone you know well, often a relative.
  - Artificial Intelligence (AI) makes it possible for a phone call to sound exactly like the voice of someone you know.
  - Often, communications will state that a loved one is in trouble or that you or a loved one will be reported to the “authorities” if you don’t respond and send money immediately. The communication may also say “we can take care of this for you but you cannot tell anyone.”
  - If you are concerned or uncertain, call a family member or a friend to verify what you have been told. If you have been threatened with legal action, call your attorney.
- Social Engineering. Manipulating individuals through psychological tactics to gain their trust or obtain confidential information. This can involve impersonation, building rapport or exploiting human vulnerabilities.
- Email Phishing. Sending deceptive emails that appear to be from legitimate sources (your bank, online services) asking the recipients to provide personal information or to click on malicious links.
- Spear Phishing. Targeting specific individuals or organizations with personalized emails that seem genuine, often using information obtained from social media or other sources to make the messages more convincing.
- Smishing. Sending fraudulent text messages that urge recipients to click on malicious links or provide sensitive information, often pretending to be from banks or other trusted organizations.
- Vishing. Making phone calls, often using Voice over Internet Protocol (VoIP) technology, to trick individuals into revealing personal information or performing actions that benefit the fraudsters. Often, the caller ID will show the name of someone you know.
- Pharming. Redirecting website traffic to fraudulent websites that mimic legitimate ones, with the goal of stealing login credentials or personal information.
- Malware-based Phishing. Distributing malicious software via email attachments or infected websites, aiming to capture sensitive information such as login credentials or financial data.
- Fundraising. We all want to give to worthy charities or to support certain political campaigns. Whether the solicitation is by mail, email, text or phone call, be very cautious in sharing any information. Do not rely on the name of the organization that shows up on your caller ID. We recommend you not provide credit card information over the phone. Instead, go directly to the website for more information on how to give to your charity directly.
- How phishing can affect your company or organization. Artificial Intelligence is used by fraudsters in determining who best to target in a company or organization and how exactly to attack them. Social engineering is also a serious problem for companies. Employee training on how phishing and social engineering can be used to bait employees is paramount for every company or organization.
We cannot overstate the importance of vigilance with all forms of communication.
[1] https://awealthplan.com/safeguarding-personal-information/
[2] Phishing is an interesting term, a combination of two words. The more obvious comes from “fishing,” using electronic bait, hooking victims and reeling them in. The “ph” comes from a pre-internet practice of telephone system hacking known as phone “phreaking” done by “phreaks.”