When hackers phish, cut bait

The 18th-century British writer and lexicographer Samuel Johnson famously described fishing as “a stick with a hook at one end and a fool at the other.” Whether you’d agree with that particular snarky assessment, you’d have to admit it’s pretty clever. Personally, I love to fish, although the fish apparently laugh when they see me coming because my fishing skills are not much of a threat. But regardless of whether I catch anything, the trip is nearly always time well spent.

The ancient concept of putting out bait and waiting for a bite has been adopted very successfully in the digital world. Back in 1996, according to Computerworld writer Russell Kay, hackers began noticing that a lot of scammers were posting emails with links that appeared to be legitimate but took the user to nefarious sites designed to dupe them into divulging passwords and other critical information. Because the term “phone phreaking” had been adopted years earlier to describe technology used to hack telephone systems, hackers similarly began using the “ph” to replace the “f” in fishing.

In the two decades since, scammers have gotten a lot more sophisticated at luring unwary consumers with links that appear to be from well-known merchants and companies. And it’s hitting near home. Last week, Attorney General Jim Hood warned Mississippians that users of PayPal, Amazon and others are at risk from phishing scams.

“These online services and businesses make it easy for consumers to shop and pay for items online, but there are people out there who want to use this convenience as a way to steal your money, or even worse, your identity,” Hood said in a news release.

Hood reported that computer users were getting emails warning them their PayPal accounts had been compromised and limited for security reasons. They were encouraged to click a link (unsecured) to a spoof site where they were asked to enter their PayPal username and password. Once they provided the information (of course), the scammers could “log in to the consumer’s legitimate PayPal account to spend any remaining funds, bill credit cards or steal personal information.”

One red flag that was apparently missed by many was that PayPal was misspelled on the spoof site (spelling ability is apparently not part of these guys’ job descriptions).

Hood went on to describe a scam appearing to be from online giant Amazon.com that takes various forms, including emails that ask for information to confirm bogus Amazon orders, requests to update usernames and passwords, links to sites that will install malware and others.

Hood recommends consumers who have PayPal or Amazon accounts and receive similar emails not click on any links or submit any usernames, passwords or personal information via email. Instead, go to the companies’ actual websites and use the sites’ secure login to verify any account activity. “Although these scams have been around for quite some time, they continue to try to lure victims,” Hood said. “I encourage consumers to protect themselves from fraud and identity theft on the internet through education and awareness.”

Hood added these suggestions:

  • Don’t respond to any unsolicited e-mails.
  • Do not click on any attachments associated with such emails, as they may contain viruses or malware. 
  • Don’t reply to emails or pop-up messages that ask for personal or financial information.
  • If you’re concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new internet browser session and type in the company’s correct web address. In any case, don’t cut and paste the link in the message. 

More tips can be found in the news release at http://bit.ly/2iMCRTj.

If you suspect you’ve fallen victim to such a scam, call Hood’s Consumer Protection Division Hotline at 1-800-281-4418.

Contact Bill Moak at moakconsumer@gmail.com.
