the dangers of phishing
Phishing messages – designed to trick you into giving up logon credentials to a website – are an ongoing scourge of the Internet.
Most of us can spot phishing messages a mile away.
But there is something important to remember about phishing messages – it doesn’t matter how sophisticated or how well-written the fake message is. What matters is whether or not it hits one of your psychological or emotional weak points. Because no matter how technically knowledgeable or experienced you are, we all have psychological or emotional weak points, and a really effective phishing message is one that mashes one of those buttons.
A few examples may demonstrate the point. Like, say you’re running a low balance in your checking account, and you get a message from your bank that you’re overdrawn and overdraft fees are now applied. Or you have a teenager, and you get a message saying that his or her number has gone over the data cap limit, even after you’ve told the kid again and again to stop wasting data. Or you’re waiting for a test result from the doctor, and you get a message that you need to log in immediately to see the urgent results.
Now, in all three of these cases, the messages are fake. They may even be badly written and have obvious errors. But if the message hits an emotional sore point, the emotional reaction will override critical thinking, and you might click and log into one of the fake links in the email before your brain can catch up to your emotions.
This almost happened to me yesterday – I got an email from “Facebook Ads” claiming that my Facebook Ads account had been suspended for undisclosed violations. My immediate reaction was massive annoyance. As I’ve mentioned before, I (along with many others) had lots of problems with my Facebook Ads account getting banned randomly in 2020 and 2021. It’s gotten better since then, possibly because Facebook burned up 2/3 of its company value attempting to build a bad copy of Second Life and can’t really afford to be so ban-happy with advertisers any more. (Turns out businesses need revenue! Who knew?) Nevertheless, I was very annoyed at the email – this nonsense again?
But! I didn’t click on any of the links in the email. I had the Facebook Ads Manager open in another tab, and I checked it. Everything was firing along just fine, and indeed my ads were getting a good cost-per-click that day. So after a second of confusion, I realized what had happened – I had almost just been phished.
It was a good reminder to always be cautious on the Internet and to always practice good data security – never click on links in an email from an unknown sender, never open attachments from unknown email senders, keep separate passwords for every account, use two-factor authentication when possible, avoid doing anything involving personal data on public WiFi, and similar things. The basics aren’t terribly flashy, and there’s no such thing as perfect security, but practicing the basics will greatly improve your odds of avoiding trouble.
I used the Maestro picture for this post because Maestro would definitely approve of a phishing attack aimed at someone’s psychological buttons. 🙂
-JM
Very important
They are not all as easy to spot as the text I got from “Apple” on my Android phone.
The other one I got at a similar time was the delivery company needing to redeliver a package I was out for. I wasn’t expecting anything, and my missus was in the house at the supposed delivery time.
My recent one was a phone call from someone purporting to be from the Visa Fraud department, and asking me if I had made a recent charge. The problem was that there was a lot of chatter going on in Swahili (or something like it, I’m no expert there) and the woman talking to me had a similar accent. When she requested that I provide my PIN and security code in order for them to remove the charge, I started laughing and she hung up on me. I’ve gotten plenty of Nigerian scam emails, but this was the first Nigerian scam phone call for me.