With every generation and social advancement there are always con artists who labor to take advantage of others. The schemes we see today are really no different than the schemes from centuries before, just the same old tricks leveraging new technology. I believe that John Stark, chief of the Office of Internet Enforcement at the Securities and Exchange Commission (SEC), put it best, “Fraud today has a technological twist, but is really old wine in new bottles. The Internet is a great tool for the con artist, though also a tool for law enforcement because it provides a trail.”
Phishing (pronounced “Fishing”) is an online fraud technique used by criminals to entice you to disclose your personal information. Phishing is the fastest rising online crime method used for stealing personal finances and perpetrating identity theft. Please note that the Office of Education Technology and KDE will NEVER solicit your usernames, passwords, or any personal information from you via email.
Top 5 most common phishing attempts:
1. Attacks that rely on forging identities – In this scheme the con artists change the display name associated with an email address to a trusted, well-known name, for example “Help Desk” or “Technical Support,” even though their email address still shows as “YourSlyConArtist@provider.com”.
2. Attacks that use stolen accounts – In this variant the con artist will use the username and password from a previously compromised account to send a link to everyone in the contact list for that account. If you click the link, you’ll then be routed to a website designed for malicious intent. These are very difficult to guard against, so always be on the lookout for uncharacteristic emails. Also be sure to treat your password like your toothbrush: don’t share it with anyone and get a new one as often as possible.
3. Attacks that ask you to provide credentials over the phone – In this scheme the con artists use fear as a motivator. They often tell you to call a number before your bank account is closed, your electricity is shut off, etc. The con artist then uses a person or interactive response system to gather your account number, personal identification number (PIN), password, or other personal information.
4. Attacks via forged websites – In this scheme the con artists will register website domain names that look very familiar but are designed for malicious intent. For example, let’s say your bank is OET Savings and Loan with the legitimate web address of www.OETSavings.com. A common scheme would be to send you a convincing email asking you to click a link for www.OETSaving.com, www.OETSavingsAndLoan.com or www.secure-OETSavings.com.
5. Social engineering attacks – In this scheme the con artists will leverage information they find about you on social networking sites to attempt an attack, perhaps posing as an old business contact asking you to reconnect with them.
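The checks a mail filter or a careful reader would apply to items 1 and 4, written out as an added example that is not part of the original article. It assumes the article's fictional bank domain is the only trusted domain and uses a constructed list of trusted-sounding display names; the function names are hypothetical.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example: the trusted domain is the article's fictional
# bank, and the set of trusted-sounding display names is constructed.
TRUSTED_DOMAIN = "oetsavings.com"
TRUSTED_NAMES = {"help desk", "technical support"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(url):
    """Last two labels of the host; enough for .com names, not a public-suffix parser."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unrelated' relative to TRUSTED_DOMAIN."""
    domain = registered_domain(url)
    if domain == TRUSTED_DOMAIN:
        return "trusted"
    brand = TRUSTED_DOMAIN.split(".")[0]
    label = domain.split(".")[0]
    # A lookalike either embeds the brand in a longer name or is a near-miss spelling.
    if brand in label or edit_distance(label, brand) <= 2:
        return "lookalike"
    return "unrelated"


def display_name_mismatch(from_header):
    """True when a trusted-sounding display name sits on an outside address."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    return name.strip().lower() in TRUSTED_NAMES and domain != TRUSTED_DOMAIN
```

The point for a reader is the same as for the code: judge the address and the domain, not the friendly name or how familiar the link looks.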
Now that we’ve explained what phishing is, would you like to test your phishing skills? Please visit this link http://www.sonicwall.com/phishing/ to take the phishing IQ test. Can you score 10 out of 10?
To provide feedback or submit a technical topic/question you’d like to see addressed, please send e-mails to Matt.Jury@education.ky.gov.
Published 7/11/2010