With all of the Twitter hackings and attempted online scams lately, online security has come into question. A collection of digital security companies known as the Anti-Phishing Working Group recently released a study showing the amount of attacks is on the rise and a high number of brands are being hijacked by cyber-criminals.
How is this happening? Cyber-criminals are using a tactic known as phishing to get access to usernames, passwords and credit card information to hack into personal accounts. By pretending to be a well-known entity, phishers get users to hand over their personal information because the users think they are giving it to a company they trust. This happens most commonly with social websites, online payment processors, IT admins and auction sites.
An example of phishing would be adding a trusted company name to the beginning of the URL to trick people into thinking the page is part of the company’s domain. If you got a link to trustedcreditcardcompany.scammers.com, you would actually be directed to scammers.com and not trustedcreditcardcompany.com, even though the name of your credit card company begins the URL.
Phishing is also common with emails, as fraudsters send messages to people acting as a known brand and include a link that goes to infected websites. People think they are receiving the email from a source they trust, so they click the link, and then their computer gets infected and phishers can access their information. The report by Anti-Phishing Working Group states that as of December 2012, 54 percent of phishing tries used a brand name in their scam URL.
So how do we avoid this? First, and probably most obviously, never send personal information through email. Verify information on the phone and always type in a URL instead of clicking a link if it seems a little out of the ordinary. If you think phishers are trying to reach you through a website, check to be sure the URL starts with “https” before you enter any personal information and if there is a padlock on the site, check the security certificate.
As a general precaution, try to stay up on the current phishing attacks being reported in the news so you can look out for them. Report any scams you come across yourself to the company being misrepresented so they can take action if necessary. The best way to protect yourself is through awareness and research. Understand the frequency of hacking and scamming is on the rise and be careful with your personal information online.