RT Cunningham

Phishing Expeditions and the Phish They Want to Catch

I have never been the victim of a phishing expedition. I’ve been targeted many times but I’ve always been smart enough to recognize the scam before it starts to worry me. Others are not so lucky.

Phishing expeditions are increasing because of the huge data breach dump now available to unscrupulous online hackers.

Phishing Expeditions by Phone

A few years ago, but sometime after December of 2014, my wife was a phishing target. The perpetrators went through the trouble of contacting multiple relatives, trying to get information on her. The problem they faced was that Josie was with me in the Philippines and difficult to find by people in the United States.

Someone, I don’t remember who, was contacted by someone pretending to be an attorney. He gave his name as Jonathan Swift, which was also shown in some kind of official-looking document sent by email. When I found out about it, I searched for any attorney with that name anywhere in the United States. I couldn’t find even one. Jonathan Swift is a historical character.

Today, my older son received a call from someone claiming to be from the Department of Social Security. I was listening and that was the caller’s first mistake. It’s not a department. The second and last mistake was that he asked Joseph to confirm his social security number, something that no government agency would do over the phone.

Phishing Expeditions by Email

This is probably the most common method of attack. I was a target about a month ago and I wouldn’t have even known about it if I hadn’t scanned my spam folder. The perpetrator threatened to expose my web browsing activities on social networks if I failed to transfer some bitcoin amount. Ha! I have nothing to do with bitcoin anywhere.

Even though the hacker had one of my passwords for an online account, I didn’t use that password anymore, for anything. The mistake he/she made was that I didn’t care if anyone knew about my web browsing activities. I don’t have anything to hide.

Don’t be a Phish

Phishing (not fishing) is a serious problem and it’s not limited to email. Hackers will try to use one way or another to get you to reveal enough information for their purposes. Sometimes they want to get into your bank account and sometimes they just want to get into another of your online accounts.

The secret to being safe is to never reveal sensitive information to anyone without knowing exactly who you’re dealing with. Government agencies are not allowed to ask for sensitive information over the phone or even with a letter by regular postal mail. Even banks and other legitimately interested parties are careful not to state entire account numbers over the phone.

If you’re going to furnish any information to anyone, you need to do it in person. If the other party isn’t willing to do it in person, you have no obligation to furnish it at all. Of course, I’m talking about other people fishing (or phishing) for information, not online applications you fill out and things like that.

The bad guys want your money, or someone else’s money, using the information you give them. It’s that simple. Be careful.

February 1, 2019
Technology