Oregon FBI Tech Tuesday: Building a Digital Defense Against Phishing and Spear Phishing Attacks
Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against phishing scams.
October is cyber security month in the U.S., and in recognition of that, we are going to take some time over the next few weeks to explain some basic threats and terms that everyone needs to know to keep themselves safe online.
Let’s start with “phishing”.
There are many different types of fishing: deep sea fishing, ice fishing, fly fishing… you get the point. But today, we want to talk about phishing with a “ph”—and the related problem of “spear phishing.”
Phishing is when a fraudster sends you texts, emails, or other messages with the intent of tricking you into responding in some way. He will often include a malicious attachment or link in the message. If you open the attachment or click on the link, the scammer can gain access to your device.
From there, the possibilities are endless. He can install ransomware that will lock you out of your computer. He can steal your data or install software that allows him to track all of your activity, including the passwords you enter. He can gain access to your bank accounts, credit cards, and the most personal info you have stored.
Spear phishing is a more personalized version of the same scam. In this case, instead of receiving an email from a random individual, the scam artist will send you a personalized message that appears to come from a trusted source. It could look as though it comes from a friend, a business partner, a social media acquaintance, or even your bank. There are many variations of the scam, but the scam artist will often tell you a story to trick you into giving up your private information. For example, the fraudster may:
- Say he’s noticed suspicious activity on your account and wants you to verify your information
- Include a fake invoice
- Offer a government refund or claim you won a prize
So what are the warning signs of such scams?
- Phishing messages often look legitimate—as though they came from a person or company you know. It’s easy to spoof a logo, and scammers will often make their messages look like they are from a trusted source.
- They will ask you to click on a link or open an attachment.
- They may ask for you to provide passwords, bank account numbers, or other confidential information.
- They will use fear to try to pressure you to act quickly. They may threaten to close your account, fine you, or even have you arrested if you don’t move quickly.
What can you do?
- Protect your devices by using anti-virus and anti-malware software. Set the software to update automatically.
- Don’t assume that a message that looks like it is from a friend or business associate is real. Call or email the person or company to confirm before ever clicking on a link or opening an attachment.
- Most importantly, if you have any doubt—don’t click.
If you have been a victim of this online scam or any other fraud, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.