Phishing is the new normal, though I don’t think that was what Jesus meant when he told his disciples he’ll make them fishers of men if they follow him…
You have no idea what Phishing is, do you? Fret not, I’ll tell you! Phishing is when cyber criminals send fraudulent emails claiming to be from a legitimate source. The aim is mostly to steal passwords and credit card information. The word Phishing is actually derived from Fishing; this is because these criminals send out LOTS of fraudulent emails at a time, randomly, and just wait for whoever would fall victim. It is akin to casting out a fishing net with bait. Recently, a colleague of mine shared with me a phishing email someone had sent to him. Of course, I’ll share it with the congregation.
What stands out to you here? The way too many grammatical errors and misspellings, the bogus claims, the messed up salutation, the funny looking email addresses. If you actually take a moment to think on it, what kind of board requires the UN, FBI, AU, IMF and the World Bank to sit on such a matter? Fortunately for us, cyber criminals who indulge in phishing attacks are mostly dumb (check the screenshots again for proof), so it’s easy to beat them at their own game as long as you know their tricks. So here is a little bag of tricks for y’all!
1. Before you click on a link, BE SURE OF ITS ACTUAL DESTINATION: No matter how legitimate a link looks, just hover over it with your mouse for a bit and you’ll see the real address (where the link leads to) displayed at the bottom left of your computer.
2. Be extra careful with SHORTENED LINKS: Whenever you’re sent a shortened URL (that’s another name for links, it means Uniform Resource Locator but that’s not your business right now), just copy the link and go to http://www.checkshorturl.com; paste the copied link into the search box on the site and click on expand. It will show you the full link address, and screenshots of where it leads to.
3. Always look for the ‘S’ in HTTPS://: While sites that start with ‘http://‘ are not always necessarily scam sites or insecure, the ones with ‘https://‘ are safest for browsing and making purchases. The ‘S’ stands for Secure.
4. URGENT DEADLINES should always be treated with a decent amount of doubt: When an organization or person tries to get you to take ‘urgent action’ via email, pause. Go to the organization’s website and get an official number there to call and confirm the directive. If it is a person, use an alternative means (not email) to contact the person and confirm the message.
5. Beware the SPELLINGS!: Most phishing emails are filled with grammatical (spelling & punctuation) errors. Pay close attention.
6. Use a PASSWORD MANAGER so you can regularly change but still keep track of your passwords. And always use strong passwords. A strong password – a. Contains a mix of letters, numbers & symbols.
b. Is not your name, birthday, house number or any other such obvious info.
c. Is AT LEAST 8 characters long.
7. Don’t be GREEDY: If an offer is too good to be true, it probably is. Walk away. Because why would the UN just wake up and decide to send $5,000 to you, when they’re not mad?
The morale of the story is this – Cyber criminals will always PHISH, it’s part of their job description. It is your duty however, to avoid their traps and stay safe. So always watch carefully and pay attention to all the red flags…