Big Phish, Small Phish

Phishing
Phishing is an attack whereby someone pretends to be a trustworthy entity, but is really trying to get your personal information in order to steal from you or an organization.
Phishing is a type of social engineeringwhere fraudsters try to deceive and spoof their victims by sending email or instant messages (or even by calling) and pretending to be a legitimate private or public sector organization. They then either request personal information, provide links to fake websites, or even create unauthorized pop-ups from legitimate websites to get you to give them your personal data.Additionally, phishing emails can contain attachments that infect recipient’s computers with malware, creating a backdoor to control or compromise a system and its information.

In all of these cases, the intent of phishing is impersonate others and lure consumers into providing information that can be used to steal identities, money, or information.

The word phishing alludes to the technique of baiting people and like in real fishing, fooling at least some into biting and getting caught in the trap.In this fraudulent type, perpetrators pretend to be legitimate financial institutions, retailers, social media companies, and government agencies in an attempt to get you to divulge private information like date of birth, social security numbers, mother maiden names, account numbers, passwords and more.

Once criminals have this valuable information, they can commit identity theft, break into your accounts, and steal money or information.Spear-phishing is a derivative of this scam that is targeted on specific people, and whaling is when the scam is perpetrated on organization executives or other high profile targets,  which can be especially compromising and harmful to themselves or the organizations they represent.

The first recorded phishing attack was in 1987.  Over the years, the prevalence of these attacks have steadily increased. According to the Anti-phishing Working Group (APWG), there were some 20,000-25,000 unique phishing campaigns every months through the first half of 2011, each targeting potentially millions of users.  Additionally, as of March 2011, there were as many as 38,000 phishing sites.  The most targeted industry continues to be financial services with 47% of the attacks.
There are a number of ways to protect yourself against phishing attacks.

  1. Delete email and messages that are unwarranted and ask for personal information
  2. Do not click on links, instead go directly to a website by using a search engine to locate it or copying the link and pasting it into the browser
  3. Configure your browser to block pop-ups
  4. Use anti-virus, firewalls, and anti-spam software
  5. Set up automatic security updates
  6. Input personal information only into secure sites, such as those that begin with “https”
  7. Only open attachments when you are expecting them and recognize where they are coming from
  8. Check financial statements upon receipt for any fraudulent activity
  9. If you are caught in a phishing scheme, notify law enforcement and credit reporting authorities immediately
  10. Always be cautious in giving out personal information
Whether you consider yourself a big fish or a small fish, beware of those trying to catch you up on the Internet–hook, line, and sinker.

Be Careful What You Point That At

Qr_code

By now many of you may or may not have pointed your smartphones at a QR (“Quick Response”) code to get more information on products, places, events, and so forth.

 

A QR code is a barcode that that generally contains alphanumeric information and takes you to a website when you read the QR code with your smartphone (i.e. by taking a picture of it with a QR reader app).

 

QR codes remind me of the barcodes in the store at the checkout line, but QR codes look more like a squared-off roschach test compared to the barcodes on items you purchase which are rectangular straight lines from top to bottom.

 

By reading the QR code, you don’t have to remember or type any information into your smartphone–your just zipped right off to wherever the QR points you (usually after you confirm on the screen that you are okay with going to the URL).

 

But QR codes like with any information technology, can be used for good or evil — for some reason though people seemed to have been unsuspecting of the sort of innocuous looking QRs.

 

Kaspersky Lab has issued a warning on QR codes after finding consumers in Russia scammed when they thought they were downloading an Android app and where instead infected with malware that caused them to send SMS messages to a premium number that charged for each message sent.

 

So while QR codes can take a reader to a harmless website for information, like other computer code, they can contain instructions that cause you to send email, SMS messages, download applications, etc. 

 

So unless you know what you are QR reading (i.e. you have a high-degree of confidence in whoever placed the advertisement with the QR code)–think twice before scanning that barcode, because you may get a surprise package in your smartphone that you weren’t expecting causing infection of your device, loss of privacy to the information stored on it, or costing you money for things you never wanted or intended to spend on.

 

Scanning a QR code while as simple taking a picture of a sunset–may not have as beautiful consequences.

 

(Source Photo: here)