Holiday season is right around the corner! With an unprecedented number of expected online shoppers this year, it's important to remember that the Internet isn’t a safe place. While we can trust sites such as Amazon, Best Buy, Walmart, etc., scammers and hackers are always creating sites similar to these to steal our information. In fact, some even take it a step further. I was recently awaiting a $50 Amazon Gift Card in my email after filling out an online redemption form from a third party. Unfortunately, the third party’s system was compromised, and I received this in my inbox two days later:
Thanks to the filtering system implemented by Google, I was able to cautiously handle the email. Opening the link that supposedly led me to my “redemption code”, the following site showed up:
This person was deceivingly smart. The phisher (those who create fake websites to steal information) was able to accurately duplicate the Amazon sign-in page. Even the tab title and logo were correct. However, what instantly threw a red flag was the url, and that’s how I confirmed this site was ingenuine.
Thanks to the filtering system implemented by Google, I was able to cautiously handle the email. Opening the link that supposedly led me to my “redemption code”, the following site showed up:
This person was deceivingly smart. The phisher (those who create fake websites to steal information) was able to accurately duplicate the Amazon sign-in page. Even the tab title and logo were correct. However, what instantly threw a red flag was the url, and that’s how I confirmed this site was ingenuine.
This is a prime example of what is known as phishing, which is defined as the practice of sending a fradulent offer through electronic transmission supposedly holding reputable content in order to induce individuals to reveal personal information. Phishing nowadays usually is done first by sending an email to the victim, claiming the victim has a reward to redeem (like the one shown), or their account (i.e. social, bank, etc.) may be at risk. Then, they are led to a site that is identical to what they would normally see, except the URL is wrong. If the victim enters their credentials, that information is sent to the phisher, and the victim is usually redirected to the official site login (and the victim will likely assume this was a glitch). The phisher then uses that information to compromise the victim’s identity, and possibly sends the phishing site to the victim’s connections through his/her account.
While we typically take the utmost precautions when logging into our financial accounts, these precautions have to be taken everywhere. Many people have one password for everything, and with one account compromised, it doesn’t take too much effort for one for the phisher to steal the victim’s identity. Here are some tips to stay safe during this holiday season:
While we typically take the utmost precautions when logging into our financial accounts, these precautions have to be taken everywhere. Many people have one password for everything, and with one account compromised, it doesn’t take too much effort for one for the phisher to steal the victim’s identity. Here are some tips to stay safe during this holiday season:
- Never leave your password in plain view, especially in a public location
- Always log out when you are done, and make sure you are logged out
- Whenever possible, put in the least amount of personal information as possible. That way, if someone were to compromise your account, it is less likely they would be able to compromise other information about you.
- Use different passwords for every account
- Don’t transmit personal information and passwords over the internet
We wish you all a happy and safe holiday season! We’ll be updating our research progress sometime around the New Year!
-James
No comments:
Post a Comment