Pages

Saturday, December 20, 2014

Phishing with Phony Requests -- Beware of false email and social media requests

I have noticed a constant rise in false requests coming through email and social media. In this busy season of the year, it may be all too easy to click on a phony request amid the general online clutter. I am getting probably two or three a day lately.

Phishing is the process of sending out a false email or other type of contact through social media with the expectation that the person receiving the request will respond with either personal information such as account or credit card numbers or will validate an email address for further unsolicited advertising.

Here are two types of contact I have seen just this week:

Emails announcing that one of my bank or credit accounts has a problem. 
These are the worst type of phishing. They are attempts to compromise a bank or credit account. Either my wife and I have received these requests from website purporting to be American Express, PayPal and even our own bank. The request usually outlines some vague problem with the account that needs immediate attention. The emails appear at a glance, to be valid, with logos and official looking formatting.

I have gotten to the point that I do not respond to or open such requests at all. If the request even looks vaguely like a valid issue, I will trash the email and then contact the company directly either by phone or with an address I have used in the past. In the case of PayPal, I have simply stopped opening anything that comes to me unsolicited, even if it looks like a "monthly statement." If I need to find out anything about my account, I go to the website and log on directly. Many of these email requests come with a threat that the account will be closed immediately if I do not respond. Since that type of request comes regularly and the account has never been terminated, I do not even bother to check on this type of email at all. I just trash them permanently.

You might want to know that throwing something in the trash does not erase it from your computer. I suggest emptying your trash can periodically.

Social Networking requests that appear valid but are phishing for personal information
The bogus requests I have noticed most recently, come on Google+ and are from people around the world, usually but not always, seemingly younger women, although there are a percentage of younger men also. Some of these are from the Far East or the Middle East and appear to be sincere requests for connections. I always look at the page for these and almost anyone else I do not recognize. What I find is that these people usually have no recognizable contacts. I am the first or one of very few people they have contacted online. I suspect that many of these requests are generated by pornography businesses just from the general nature of the posts on the person's website. I simply ignore any such request.

Very occasionally, I ignore a request that comes back with additional information and it is approved, but that is very rare. I now routinely ignore a fairly large number of social networking requests and occasionally go back through my "friends" to eliminate those that post inappropriate posts.

If you want to connect with me on Facebook, Google+ etc., I suggest you edit your personal settings to clearly show that you are associated with a valid entity or interest. I try to limit my contacts to those in the genealogical community.

Some people reject all social networking links and even refuse to sign in to Facebook or other such websites simply because of fear. If I took that attitude, I would probably never get out of bed in the morning. I realize that there are dangers inherent in social networking, but I have had similar requests for years by telephone and regular mail. I would guess that nearly 80% of all the telephone calls we get are unsolicited commercial calls in the nature of a phishing scheme. But I do not stop using a telephone because of those calls. The calls just become another type of modern background noise that my wife and I ignore.

Other people reject all social networking out of fear of identity theft. The key here is to never put anything online you do not want to be used. So people also are threatened by "getting too much email." Sorry, but this is the result of being online. I usually get over two hundred emails and responses to my reader subscriptions a day. I just view this as a minor overhead item and work through them efficiently. It is really nice to have a delete button.

I think the main problem is when people start to take all this noise as a personal threat. It is not more a personal threat than any other type of advertising. I see ads for bogus businesses all the time. Part of successfully living in an information world is the ability to filter out unwanted signals. If a phishing scam gets too clever, we contact the target company with a complaint. Most of these complaint are gratefully received by the target company. We always send a copy of the offending email etc. so they can block the sender.

This is a serious problem for the unwary. But it is less difficult than many other much more serious issues in modern life. I am much more concerned about driving here with the Utah drivers than I am about anything online.

Remember the rule, throw it in the trash if it smells bad.

2 comments:

  1. This is certainly a timely post James. I just deleted 3 of those phishing emails, one from Bank of America. Since I ignored it, I guess now my account will be closed. LOL! The phone calls on our land line and cell phones are actually more irritating and are pretty much daily. We've blocked many many numbers, but still get calls....from other variations of the numbers we've blocked.
    Merry Christmas to you and your family.

    ReplyDelete
  2. Thanks for the heads-up. I learn so much from you and this awesome blog.

    ReplyDelete