Plenty of Phish in the Sea: Detecting and Avoiding Scams

Plenty of Phish in the Sea: Detecting and Avoiding Scams

Phishing scams are among the more subtle of cyber threats — and often the most destructive. Consider these tips for protecting your information in the digital age.

Casting a Wide Net

So what exactly are phishing scams? The fraudsters of the digital age, phishing refers to online scammers who operate by impersonating reputable agents, such as financial institutions, cable providers, and any other entity that may request personal information. Most often, phishing scams occur in the form of emails requesting information such as social security numbers, routing numbers, and bank account data.

Other common phishing scams include emails with links to fraudulent websites that mirror legitimate entities. Malware may be contained in attachments or consumers may be instructed to respond to an email within a given amount of time, thereby allowing the scammer to obtain private data. Phishing scams utilize the same marketing and data acquisition techniques as social media outlets, often pulling thousands of user trends from sites such as LinkedIn, Facebook, and Twitter. Simply put, phishing scams are the impostors of the internet.

Reeling ‘Em In

Fishing scams come in two main varieties — spear phishing and whale phishing. Spear attacks target individuals, while whaling targets high level executives on a larger scale.

Pharming is another often used technique wherein users are redirected to a scam website or a cloned variant of a reputable site.

Voice phishing via communication media such as GoToMeeting and Skype is another form of digital deception that is on the rise. This type of phishing takes the form of phone calls from the IRS and other entities using prerecorded voice over technology.

Mobile devices may fall victim to similar scams in the form of SMS phishing. Like email scammers, SMS fraudsters use text messages to impersonate legitimate agents.

Shark Proof Your System

The prospect of having your personal information stolen can be daunting. Fortunately, there are ways to protect yourself from phishing scams that won’t turn your data into chum.

Stay informed on phishing scams and know what to look for. Double check URLs and domain names. Often, a scammer will use a false domain name that vaguely matches the email of a reputable entity. If a site looks suspicious, exit. Bookmark links to login pages for banks, credit cards, and other institutions so that you enter via the same secured link every time. Do not open attachments or links from unknown senders and always have a reliable firewall in place.

Install a secured VoIP system for business communications and know which institutions will — and will not — request information via phone. For example, the IRS will never contact you via phone or email.

Pay attention to the language being used. It is unlikely that a legitimate financial institution will ever request login credentials or personal information via email. Lastly, follow the cardinal rule of internet safety — do not ever disclosure your social security number in an unsecured form such as an email or website.

To stay up to date on cyber security, check out our YouTube channel or contact us to learn more!

What is Phishing and How Can I Avoid it?

What is Phishing and How Can I Avoid it?

Phishing is a popular scam in today’s digital world. Pronounced as “fishing,” this form of fraud is when a criminal targets their victim by email, telephone, or text message. These messages often contain malicious links, attachments, or other forms that require an unsuspecting victim to enter their personal details which are then stolen by the attacker.

How Can I Spot Phishing?

The good news is that phishing can be prevented. Here are a few ways to tell if you’re being scammed and how you can avoid it.

Poor Grammar

Many phishing messages, including emails and text messages, are poorly written. If the grammar or structure of the message seems off, it’s probably fraudulent.

Unknown Sender

If the message is coming from an unknown address or number, chances are it’s not legitimate. If you’re unsure if an email address is safe to reply to, look up contact information of the original company. If the domain name (last part of the email address) does not match, it’s fake.

Unknown Links and Attachments

If a message contains a suspicious hyperlink, don’t click it and assume it is malicious. Hovering over hyperlinked text can reveal the real destination of the link without opening the link and exposing your computer. Do not click on shortened links such as Bitly because these can be used to disguise longer malicious links.

Logos and Images

If the scammer is trying to imitate an existing company or service, look for official logos and high-resolution images. If the logos are cut off or pixelated, the message is fake.

Be careful not to rely on official logo usage when determining phishing. Advanced scammers can use high-quality logos without permission of the original company.

How Can I Avoid Getting Scammed?

Phishing is preventable if you know the signs. Approach unfamiliar or suspicious messages with caution and don’t be afraid to ask a third party if you think you might be facing a scam. Never give personal information through the phone or web unless you are the one who initiated the situation and are sure you will be safe.

If you suspect you are the target of a phishing scam, do not click any links and delete the email. If you received the message through a company, school, or other corporate email, alert your company about the message so they can warn others about the dangers of phishing.

WheelHouse IT provides technological services and security measures to help prevent you from phishing scams. Contact us if your business is interested in working with a technological adviser. 

Securing Your Google Account: The Unofficial Guide

Securing Your Google Account: The Unofficial Guide

If you use a computer today, there’s a fair chance that you have a Google account. The practicality that if offers with its comprehensive service offerings simply can’t be ignored. However, it is also important that a user’s, whether they utilize it for business or personal use,security isn’t ignored either.

Unfortunately, security is precisely what is often ignored, mainly due to ignorance as to why and how to secure their account. Here, we will cover both why a Google account absolutely must be locked down, and how to go about doing it.

What Makes a Google Account So Valuable

There is a huge discrepancy between the impression of what the Internet itself is for, and what it was actually created to do. While a great amount of the Internet is utilized as a means to store personal and private information, it was actually intended to share information as effectively as possible. The word Internet itself reflects that, derived from inter (reciprocal or shared) and network (a system of connected things).

From the very start, the Internet was meant to be an information dispersal tool, enabling anyone to access the knowledge they wanted. Back in 1962, MIT’s J.C.R. Licklider described a system he called the“Galactic Network” in a series of memos. The Galactic Network was meant to connect computers all around the world so that data and programs could be shared. Sir Tim Berners-Lee, the man credited with inventing the World Wide Web, did so based on the ideals of access and openness. As he put it:

“Had the technology been proprietary, and in my total control, it would probably not have taken off. You can’t propose that something be a universal space and at the same time keep control of it.”

This viewpoint informed the Internet as it largely exists today: a space where things can be shared, unfettered by any central point of control. This is the framework that the ideals of net neutrality and group participation flourish in, censorship stomped down through accessibility. It’s almost funny that we try to keep anything on the Internet a secret anymore, looking back at its original purpose.

Yet, as the Internet was leveraged for additional purposes, there was an increased need for privacy and security. Many communications shared online contain confidential information that needs to be shared exclusively with certain users. As a result, a new online environment emerged, where security measures restricted access to information to only those with the right credentials. This new approach has proved beneficial for businesses and individuals alike and is why Google has grown to offer what it does today.

Google’s Assorted Services

While Google originally started as a dissertation project by two PhD students at Stamford, its uses have expanded greatly in the years since. G Suite applications, like Google Drive, Google Docs, and others have assisted businesses greatly, while many private users have leveraged services like Google Maps and Google Drive for their own ends.

Perhaps most of all, users of all kinds have opened Gmail accounts, and have used these accounts to sign up for other assorted web services… and this is the where the potential problem lies.

How much do you rely on Google, in terms of accessing your online accounts? How much impact would the compromise of your Google account have?

It May Be More Than You’d First Think

Let’s look at the tendency to use a Gmail address whenever an email is required, or to save a password for easy access,or even to link a Google account to another profile. This all makes Google the most convenient option–if all you need is an email to create a profile, why not just use the one that you use for everything else?

Really, when all is said and done, Google is the choice that makes the most sense. Google offers reasonable security, and the other capabilities it offers deliver some compelling reasons to use it a soften as possible. However, there is a consideration that many overlook, to the potential detriment of the security of all of their accounts.

Setting up an account through Google means that account is only as secure as your Google account is.

Or in other words, if someone were to access your Google account, they have everything they need to access every account that you connected to Google in some way, shape, or form. This may mean more to you than you’d realize.

A Brief Demonstration

If you happen to be reading this on a desktop,go to your Google account by clicking here. Under Sign-in & security, click into Apps with account access. This will show you a list of all the applications with access to your Google account, along with a list of the websites that Google Smart Lock has your credentials to.

How long is your list? Does it happen to feature your bank?

If so, someone who gains access to your account could easily commit financial fraud. They could also use their access to your email to tell your bank that “you’ve” forgotten your password, resetting it and locking you out.

The Quandary

Unfortunately, the usefulness that Google delivers is too great to ignore as well, to the point that it is almost irresponsible to pass it up. This leaves us at an impasse of sorts–do we embrace convenience at the cost of security, or improve our security while sacrificing convenience?

The good news is, you don’t have to choose, as long as you have properly secured your Google account.

A daunting task, yes, but only because we have grown accustomed to Google providing one-click solutions. While there is no magic option that will keep you completely safe, securing a Google account is possible if the right precautions are taken.

Protecting Your Google Account

Again, these aren’t magic options, which means that that these aren’t solutions that will work indefinitely. Rather, they will require repeated activities over time. What follows are the steps you need to follow in order to protect your Google account, and by extension, your data.

Passwords and Account Security – Of course, this goes for all of your accounts, but because your Google account has so much tantalizing info in it for a hacker to leverage to their advantage you need to be extra careful in locking it down. Therefore, you need to ensure that access to it is sufficiently protected by a password in keeping with best practices, as well as the access point used to log into your account.

A good rule of thumb is to avoid using devices that are open to the public in order to access your accounts. This is because a cyber criminal may be able to access your account after you have finished your work, and the fact that these devices are petri dishes for cyber attacks doesn’t help either. Public Wi-Fi signals should be avoided for similar reasons. All the convenience in the world isn’t worth a security breach.

Two-Factor Authentication (2FA) – In addition to being smarter about how you access your Google account, you should establish additional requirements to make it more challenging to do so. Two-factor authentication can be a highly effective way to prevent unwanted access to an account, as long as it’s approached correctly.

The crux of the matter is this: not all two-factor is the same. If given the choice between a text-based 2FA solution or a mobile application like Google Authenticator, you should utilize the app. It will be the more secure option.

Furthermore, your Google account will give you access to a list of authentication codes that each have a one-time use. These can be used if you don’t happen to have your mobile device handy. Furthermore, these can be reset whenever you need to, so if you happen to lose the list, you don’t have to worry.

Log in to your Google account to set up these features and the others that are offered.

With the amount that the average Google account is linked to, it is paramount that its security is preserved. WheelHouse IT can help you preserve not only the sanctity of your Google account, but your entire IT infrastructure. Give us a call at (877) 771-2384 to learn more.