Phishy Activity

Cyber criminals are getting smarter every day and finding new ways to hack your information. A popular way cyber criminals get information is by using an attack called phishing. Phishing is when hackers lure victims into their scam by requesting an individual’s sensitive information. Oftentimes, these hackers appeal to the emotions of their victims as a way to more easily manipulate them. They use many different methods including pop-ups on websites, emails that ask for a reply, an ad link to click or download an attachment, fake shopping websites found on social media sites, messages stating information needs to be updated or that your account has been hacked, etc.  All communications seems to be by a legitimate person or companies like financial institutions, government agencies, online retailers, social networks and even people that a victim knows making it easy for anyone to fall victim to cyber scams.

Thieves are looking for any information they can use to make purchases, steal an identity, open credit cards and so much more including:

• Social Security Number
• Passwords
• Bank Account Number
• Credit Card Details
• PIN Number
• Address
• Birthday
• Mother's Maiden Name

What are the techniques?

Spear Phishing- Email directed to a specific individual.  This is currently the most successful technique. Attackers gather as much information on their target as possible including personal history, interests and other details to make it as personalized as possible.  This email works because it appears as if it came from someone the victim knows and requires urgent action.

Whaling Phishing- Directed at high profile targets such as upper management or senior executives.  This comes in the form of an email with subjects such as legal subpoenas, managerial issues or consumer complaints.

Cloud Phishing- This is one of the most popular trends in hacking because of the increased usage of cloud storage. Victims receive an email from the cloud service provider saying that they have been compromised and need to click the link in the email to remedy the situation.

Government Phishing- Many people have received a phone call from someone claiming to be from the IRS saying their taxes have not been paid. Be aware that government agencies will not initiate contact with you via email, text or social media and will not request personal information such as PIN numbers, passwords or other financial information. You can verify the contact by going to IRS.gov to search the form or notice number. If it is legitimate, you will find the correct contact information to respond.

Social Media Phishing- Facebook is the most popular site for phishing attacks. Hackers use a victim’s information on their page to access their account and send messages to friends to spread the attack. There are also a lot of fake shopping and travel sites that pop up on your feed so it’s important to always research before buying from a website you’re not familiar with!

So what happens next?

Once someone falls victim, a malicious code is added to their computer.  With the expansion of technology, this code now can land on many devices including a phone, tablet and even a gaming device.

Marine Bank customers should immediately contact us to shut off their debit card to prevent any further charges and take advantage of the “On/Off” feature to shut off debit cards directly from our mobile app. It also important to check online banking records to see if there are any transactions that are not recognizable. If there are charges, victims should contact their bank immediately. Freeze credit reports to prevent any further identity theft and change passwords for email accounts, online banking and other private accounts. Many email providers have a way to easily report phishing. For example, Gmail has a button in the drop down menu that clearly states “Report Phishing.”

How can you prevent yourself from an attack?

There are a few things to look for when receiving a suspicious email. Check the sender's email address to see if sender’s email matches the name and domain.  For example, an email from Old Navy may have a sender’s address such as oldnavy@email.oldnavy.com.  An email that is supposedly from Old Navy but has a sender’s email address from oldnavy@ffcasiousbay.com is likely a phishing email. Another item to look into is the content of the email. If the suspicious sender is asking to send or verify personal information by email, that is a sign of a phishing email. A good rule of thumb is to be suspicious of any email that has urgent requests or too good to be true offers. When in doubt, it’s a good idea to call a company directly to confirm whether or not it is truly them.

Trust your gut. If it doesn’t feel right or seems too good to be true, then it probably is not. Check out our other blogs on basic tips to keep your information safe online.