Let’s go phishing.
Unfortunately, we are not talking
about catching trout here. Forget the rod, but we are still talking about hook,
line and sinkers. Phishing is a different kind of catch. As Merriam-Webster
defines it, phishing is a scam by which an email user is duped into revealing
personal or confidential information, which the scammer can use illicitly.
Most of us most likely have some
sort of phishing email in our inbox right now. Advances in technology over the
past few years have made it easier and easier for people
to phish our email accounts. While I was doing research on phishing this week,
I came across something that was astonishing to me. I came across a website
that actually taught people how to phish on Facebook. I did not have to do any
major digging to find this website; it came up with a simple Google search. The
website can be found here.
Basically, the website gives a
step-by-step tutorial on how to bypass Facebook security checks and phish
people. Although the article does offer warnings and disclaimers about
phishing, I was shocked to find this information so accessible online. There is even a discussion section at the bottom
of the tutorial where people discuss their phishing tactics.
Phishing can look many different
ways. With phishing, the adversary can use message-based deception or
identity-based deception or, in some cases, even both. It may appear to be
someone you know asking to “borrow” your password and email account so they can
contact someone or it may be someone pretending to offer to wire you funds to
get money “out of the country” in order to get your bank account information.
Even though these situations may seem like red flags to most of us, this is not
always the case because some adversaries are tricky to decipher. Luckily, both
the TechTimes and NCSU News provide great tips on how people can protect themselves from the
dangers of phishing. Some tips that I thought were the most helpful were:
1. Look for urgency: If the message urges you to take action right away or suggests dire consequences if you don’t, it’s probably a phishing attempt.
2. Pay attention to spelling and grammar: Misspelling and poor syntax are typical of many, but not all, phishing emails.
3. NEVER provide your username and password when asked.
Discussion Questions:
1. Besides the tips that were provided for phishing protection, can you think of any more tips to help people protect themselves from unwanted phishing?
2. Have you ever fallen victim to phishing, or do you know anyone who has? If so, what was the outcome?
3. How would you suggest the problem of phishing be approached? Is it something the government should be doing something about? Or is it just up to Internet users?
4. Have you seen any examples of phishing anywhere besides on email or Facebook?