Phishing for ProAdvisors
The latest blog by Charlie Russell over at the Sleeter Group (http://www.sleeter.com/blog/2015/07/watch-out-for-proadvisor-phishing-emails/?dysig_tid=2560ebf4eb8f425290295dd402d03520) is once again reminding us to be wary of what we receive in our emails.
Phishing is nothing new. It was here before computers, and it will continue to be here for years to come. Phishing, of course, is a play on the word, fishing, in which someone throws a line in the water with bait and waits for an unsuspecting fish to swim by. Of course, the lake they are casting into is the massive ocean we call the Internet. As a whole, we tend to forget there are millions of people on the Internet whom truly do not understand the dangers that lie around them. Many swim through the ocean of data, playing in the YouTube kelp beds while searching for the latest CATfish memes. Innocence is not a virtue on the Internet, and Phishing experts are pro’s at playing the line. Like skilled fly fishermen, they dangle the fly, lightly playing the line while the unsuspecting fish watches hungrily. Anyone who is honest with themselves will tell you they have been scammed, lured in. We have all delved too far into the murky waters of the Internet and found ourselves hounded by viruses and Malware on our computers. We are all guilty.
But phishing has been around a very long time. Before computers, we received phishing phone calls telling us we missed a payment for our utility bill and if not paid immediately our power will be shut off. How many seniors have been scammed out of thousands of dollars through phone calls harassing them, telling them they owe the IRS and have to pay immediately or they will lose their homes? Before phones, it was through letters and fake invoices, and before bills it was through snake oil salesmen. Even President Lincoln fell for a phishing scam and lost $22.35 (that was a lot back then). Every medium they infiltrate they become better skilled. Their emails look like they come from Intuit, Bank of America and Microsoft. It is no longer a game, EMC2 stated estimated losses worldwide were over $4.8 billion, not including tech time to block phishing schemes.
Cyveillance released this chart to show how effective phishing can be:
What is important to note here, phishers know they are going to nail 10%! How is it we are still gullible and fall prey to these attacks?
- They are brilliantly good – It looks legit, the emails are professionally designed. This is not some kid in a basement, it is quality design, and they have become experts in code, using every technique to mask themselves.
- We are innocent – The majority of us believe what we see. “What do you mean we missed a car payment?” “I owe Intuit for QBO?” Our desire to do right, and to be right, many times drives us to action without thought.
- Distracted – Work/Life balance is already difficult, many times we click and do an action before our brain even says, “What a minute, what are you doing?” How many emails have you sent where after clicking send you wish you could get back?
- Age – The older we get, the more our brain has to take the time to understand what it is seeing. We are also more susceptible to fear. No one wants the IRS knocking on their door, or the repo man taking our car.
By the way, it is time to stop name calling in regards to people who fall for phishing attacks, the guilt and fear they feel punishment enough. If we want to stop phishing warfare, we must take the battle to them. Educate not Humiliate should be the mantra. We need to take our clients, family and friends by the hands and assure them it happens to everyone, and they should not feel shame. We need to teach them to not trust what is seen before them; companies do not send emails telling you they are going to shut down your business or take your car.
Although Charlie Russell’s blog was outstanding in pointing out ways to avoid phishing schemes I would like to add a few more to the list, so we can work together to educate:
- Trust no Email – Companies use webmail to communicate with clients now. If you get an email informing you of missed payments, utility issues, phone problems or other challenges, first go to the ACTUAL website, do not click on the links on the email. If Intuit sends you an email, go directly to your search engine and TYPE in Intuit. Do not copy and paste, do not click the link. Sign into your account and look for messages. If there are none, odds are you are looking at a phishing scam.
- Call the Company – When you get a phishing email or call, call they corporation they are pretending to be. DO NOT use a number they give you. Go to Google and look up the corporate number and verify. Tell the Company you received phishing emails or calls so they can tell other clients and customers.
- Contact elderly family members – Tell your parents or grandparents to watch out for phishing scams, show them what they look like, educate them on phone and email safety and to not be bullied by phishing artists who will use fear tactics. Offer a class to a senior home on the dangers of phishing, get active!
- Stop Being Part of the Problem – Stop forwarding Facebook posts, Tweets, and emails until you have verified the truth. Disney is not going to give away lifetime passes to Disneyland if you forward a post twenty-two times. Jimmy does not want you to send 400,000 birthday cards. If you are unsure, go here: snopes.com . They are way ahead when it comes to scams.
Phishing will only end when the nets they cast come back empty. We must be smarter than the sharks which patrol the Internet oceans. As phishers improve their camouflage, we too must learn to wear safety shoes in order to avoid stepping on their poisonous spines. Only through vigilance and education can we avoid the dangers of open water.
Enjoy your swim, but be wary of beautiful lures.