There was a time years ago when any online activity, be it shopping, browsing, or email, was considered a novelty. Now, with online sales expected to top $600 billion and 6 of 7 Americans currently connected, the need for protecting yourselves on the web has never been greater.
With such a huge portion of the population performing day-to-day tasks online, the internet is a breeding ground for fraud. Take the recent incident with social scheduling tool Buffer. The service was hacked this past weekend,, with compromised accounts being used to blast weight loss spam links across Twitter and Facebook. Forunately, Buffer team moved quickly to address this breach, stopping all activity until they could identify the culprit. Even more fortunate for users, neither passwords nor billing information was exposed.
Another large brand experienced a security breach earlier this month when Adobe was hacked. In this attack, customer information was stolen. According to Adobe, “Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.”
Unfortunately for consumers, these attacks rarely have a happy ending. Compromised information often manages to rear its head in the strangest of places. Consider the two offers below:
What if I told you that my sources have revealed that these offers are being run by online fraudsters utilizing utilizing stolen cardholder information to fund them? What if I told you that the accounts used to fund them may have been obtained from the Adobe security breach, or another related occurrence? At first glance, offers appear to be legitimate. Yet, notice the URL of the Yahoo sign in page. It is a dead giveaway for one of the oldest types of online Phishing scams currently running, that of a branded landing page sending users to a fake page. Now, consider the support offer. In this example, the page lacks legitimate information in the “About Us”, and instead tries its hardest to drive the visitor to call the telephone number provided. There are no other lead gen attempts other than receiving a phone call. Some pages take things a step further, claiming to be “official” support pages for the likes of AOL, Yahoo, Norton AntiVirus, and other established brands. Many surfers would make the honest mistake of trusting these sites, which is exactly what those perpetrating the fraud are banking on.
What can you do to protect yourself from online phishing scams? Here are some tips and tricks to consider:
1. Don’t trust a site just because you arrived there via a paid ad. Ad networks are not necessarily going to catch a phishing scam be perpetrated by their customers. In many cases, scammers will hit a network with their offers until the network shuts them down, and then move on to another.
2. Always Be skeptical. Consider your history with the brand name associated with the offer. Think, “Why would [insert brand] pay to advertise their login page?”, or “Why isn’t[insert brand]’s offer page on an official URL?” If you have any doubts about a page,leave right away.
3. Do your research. Phishing scams aren’t new, and most online businesses are well versed in the best way to deal with clients. Legitimate businesses will never ask you for things like your password, email address, social security number, etc., over the phone. Check the search results for scams related the brand represented, as well as social media sites like Twitter.
4. Never give any personal information over the phone. Ever. Never give information away to anyone over the phone, especially if you are not 100% certain of their legitimacy.
Remember, identity protection starts and ends with you. Stay safe online by using these common sense tips and ring in the holidays right!