Steve Dotto here. How the heck are you doing this fine day? Me? I’m feeling that you
and I should have a quick conversation about the rather despicable practice of phishing,
phishing with a PH. We’re talking personality security today on DottoTech.
Anybody who knows me knows that I love the real art of fishing. Fly fishing is one of
my passions but this practice, the practice of phishing with a PH is something that I’m
not such a fan of and something that we should all be paying attention to. What is phishing?
Phishing is when the miscreant sends out a variety of emails that look like they come
from a legitimate service. They’ll send it to people willy-nilly in the hopes that
they will stumble across somebody who uses one of these services who doesn’t understand
what’s happening. Here’s an example. This is an email that
you might receive in your inbox, whether you live in the United States or not. It doesn’t
matter. It looks like it’s coming from the Bank of America for all intents and purposes
but this is a phishing attack. It has been sent to a person. It actually probably doesn’t
have the person’s real name in it because they don’t know the name or they use the
email address as the name. What it is, it’s typically a message that there’s something
waiting for you to pick up, that there’s a problem with your account. They create some
urgency in this email and then they nicely provide you with a series of links to be able
to go through and access your account. If I were to click on this link here, if this
email had been sent to me, I would be taken to a website which looks exactly like Bank
of America’s, probably down to the last detail except for one thing. It would not
be the Bank of America site. No, no, no. Instead, it would be the phisher’s site in which
they would ask us to enter our username and password. Then they would take that information
and capture it when we entered it to use for their own purposes. At that point there, we
are entirely compromised and the sad part is we might not even know that we were compromised
because chances are they will then be sophisticated enough to take that information and pass it
straight through onto the real Bank of America, log us into our account and we wouldn’t
know that we had been compromised. Once they have that level of access to our accounts,
of course our identity is at risk. We are in peril.
So what can you do to protect yourself against these sorts of attacks? Well, the first thing
to do is to identify that legitimate services will never send you an email like this. When
you see emails coming in like this, your alarm bells should be going off immediately and
you should be saying ah, I see that this is a phishing attack; I’m not going to bite.
Instead, it goes straight in the trash. But what happens if it’s coming from a service
that you actually do use? What if I am actually a Bank of America customer and they’re telling
me that there’s a problem with my account really? What should I do then if I am concerned?
The thing to do is not click on the link that’s provided within the email but instead navigate
to your own browser and use your bookmarks or type in the URL yourself to go into your
account. Then you look for a few key points. When we’re logging into secure banking
sites and our other membership sites, we will typically find that it is a secure server
which is identified by HTTPS, not just HTTP in the URL. Additionally in the Chrome browser
here, it’s got a lock telling me that I’m going into a secure site. You look for these
indicators that it’s the legitimate site that I’m signing into. If I sign into this
banking site here, I’m signing into my legitimate Bank of Montreal site. So you look for those
touch points to make sure that you are at the right place and your information will
not be compromised. Now unlike most security issues, we can’t
use technology to protect ourselves against phishing attacks. Not signing up for newsletters
or reducing the amount of email spam that we get into our inbox might help us a bit
but some phishing emails are going to make it through. That’s the nature of the phishing
attack. Instead of relying on technology to protect us, we have to rely on our instincts,
our intuition and our understanding of what might be happening, our knowledge that our
legitimate providers are not going to be sending us emails asking us to log into our accounts
from the body of that email. They just simply won’t do that. So if we are concerned, we
navigate manually ourselves to the site, go into our site ourselves and make sure that
everything is okay. So it’s up to you. It’s your responsibility to understand what’s
happening that will protect you. This doesn’t remove the fact that we still
need to use password management and we still have to protect ourselves through two-factor
authentication. All of the other security processes that I recommend in the channel
you still want to enable but this is an additional layer of education which you need to understand.
I hope that you’re glad that we had this little chat today. Now there are three different
ways for you to stay in touch with us here on DottoTech. The first is please subscribe
to this channel. The second is subscribe to our newsletter. That way, I can inform you
about all of our upcoming tutorials, webinars and seminars that we give on a regular basis.
And finally, DottoTech is a community-funded site supported through the generosity of our
viewers at Patreon. If you drop by our page at Patreon, you will see what’s involved
in supporting DottoTech and you will also discover the perks and the perks are indeed
awesome. Till next time, I am Steve Dotto. Have fun storming the castle!
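As an added example, not from Steve's video or from DottoTech: a small Python script that applies the two checks described above (the link uses HTTPS, and it really lands on your bank's domain) to the links inside an email body, so that a look-alike link is flagged before anyone clicks it. The sample email and the look-alike host are constructed, and bankofamerica.com is assumed to be the customer's real bank domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkExtractor(HTMLParser):
    # Collect (href, visible text) for every <a> in an HTML email body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_belongs_to(host, expected_domain):
    """True only for the expected domain itself or a true subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected_domain or host.endswith("." + expected_domain)

def link_problems(href, expected_domain):
    """The video's two checks: HTTPS, and the host is really your bank."""
    url = urlparse(href)
    problems = []
    if url.scheme != "https":
        problems.append("not https")
    if not host_belongs_to(url.hostname, expected_domain):
        problems.append(f"host {url.hostname!r} is not {expected_domain}")
    return problems

def suspicious_links(html_body, expected_domain):
    # Return [(href, visible text, problems)] for every link that fails a check.
    parser = LinkExtractor()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        problems = link_problems(href, expected_domain)
        if problems:
            flagged.append((href, text, problems))
    return flagged

# Constructed sample in the style of the email described in the video; the first
# link reads like the bank but points at a placeholder look-alike host (.example).
SAMPLE_EMAIL = (
    "<p>Dear Customer, there is a problem with your account.</p>"
    '<a href="http://bankofamerica.com.account-verify.example/login">Sign in to Bank of America</a> '
    '<a href="https://www.bankofamerica.com/">Bank of America home</a>')

if __name__ == "__main__":
    for href, text, problems in suspicious_links(SAMPLE_EMAIL, "bankofamerica.com"):
        print(f"Do not click '{text}' -> {href}: {', '.join(problems)}")
```

Running it flags only the first link, for both reasons at once; the second link passes because www.bankofamerica.com is a real subdomain of the expected domain.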