In addition to all of the other prophylactic advice that we have given in this column, let’s apply a little common sense to phishing attacks in particular. First, limit your exposure. This means that you should adjust the privacy settings on any social networking site you frequent to make it at least difficult, if not impossible, for unknown persons to post content on your page. Second, watch your email inbox like a hawk. A little trick I use is that whenever I see an email that raises any suspicion in my mind, I leave my desk to get a cup of coffee or a Coke Zero. This prevents me from acting impulsively, with the kind of curiosity that could potentially allow cyber ninjas to crawl into my life. Another simple stratagem is to observe the full email address of a sender before you open the email, let alone any attachment. Many email systems permit you, by means of rollover or otherwise, to see the full email address of the sender before any other action is taken. This way, when the sender shows up as your old friend “Tom Foley,” you might see that the email address of that phony Foley is actually something that ends with “.ru”—a dead giveaway.
Unfortunately, there is no trick aside from good old-fashioned caution and vigilance that can protect you from an email sent from a real friend’s actual email address after his address book has been compromised. Identity thieves are getting smarter and gathering information damn near every cyber-minute. They are an opportunistic bunch, and will take advantage of any news item that is likely to lend credibility to their attacks. Whether it’s bin Laden’s death, a tornado, or even a Lady Gaga sighting, any major event will give rise to new and ever more sinister phishing expeditions.
Of course these events have always appealed to a capitalistic zeal. I noticed today that the T-shirts commemorating bin Laden’s death are already out in the street vendors’ carts. The ones I saw had something like the “Ghostbusters” logo, except that inside the circle with a line through it was a picture of bin Laden, not your ordinary ghost.
Whether such opportunistic profit seeking lures or repels you, when current events are used to bait a phishing hook, it’s definitely poison.
[Fraud Resource: Free Identity Risk Score and personal risk profile]