Phishing Vishing
No. That's not me!!!Hola amigos,
It’s been a while since I’ve put pen to paper (metaphorically, of course). After the long hiatus, and being sick to my stomach about the omnipresent online threats, I decided to share some workarounds. I must admit – I do not have a solution to all online problems, but I can still suggest remedies for some. Before I do that, let’s first try to understand how to tell a threat when you see one.
Cyberthreats don’t come with tell-tale red flags as they did in the 90s (that’s when I started using the internet first). In those days, one could spot an internet threat from a mile away. Gone are those days. Nowadays, internet threats are smartly disguised as necessities. so, here are a few of them:
PHISHING, VISHING, and SMISHING:
These are first cousins. While most cybercitizens may have heard of phishing, the other two are relatively unheard of. As defined by Wikipedia, Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. If that sounds gobbledygook to you, it simply means tricking you to share your PIN or Account Number with a random stranger (disguised as your mobile company executive or insurance agent or a salesman) over the phone. Thousands of gullible people have easily fallen prey to such tricks, and lost their life savings too. Sad! But as they say, “You get what you deserve”. In the 21st century, cyber-ignorance is a bigger sin. Technology is all-pervading, and saying something as lame as, “I don’t know” doesn’t clear you of your obligation to protect your belongings.
I got a call a few years ago. The caller said that my credit card has been blocked because they suspected a fraudulent purchase made on it. So far, it was an authentic possibility. This could happen to any credit card holder. I asked him which credit card was blocked, and he said, “The one you use”. When I insisted on knowing the name/brand of the card, he kept repeating his lines. This was a surefire sign that he was a scammer. Not wanting to play along or waste any more time, I just said, “Thank you for your concern. I’ll call my bank, and get the card unblocked”. The poor fellow knowing nothing more just hung up on me – but only after saying “F.U.”. No – I wasn’t mad at him – instead, I was laughing my _____ off. Some sore loser.
The remedy is simple… even if it was indeed the bank executive, and you still suspect it’s a scam – just say, “I’m busy right now. I’ll call the Bank helpline in some time.”, and oh, don’t ask him/her for a number. You’ll only get a SCAM number.
There are similar scams that revolve around QR codes, and payments (read: extortion). If you are even 1% suspicious of the caller, just say something smart like, “I don’t deal with finance in any way. My son/daughter/any relative is an expert at all this. I’ll get him/her to assist me when they get back home at ____ pm (always after 5, to make it sound authentic). Remember – there’s nothing more urgent than protecting your hard-earned money.
Similar phishing occurs via emails too. The email address looks ALMOST authentic. It’s easy for the ignorant to fall for this scam. I’ve been receiving emails from APPLE Security (almost once a month) that tell me that my Apple ID was used by someone in some godforsaken country (so that it alarms me), and that they’ve been kind enough to block my account temporarily. Now, they never asked me for any money. They just wanted me to LOG IN to my Apple Account by clicking on a link provided in their email.
Now, I do not have an iPhone – but to help my roommate once, I did sign up for an Apple Account (for his iPhone 3G). so, yes – I do have a VALID Apple Account. Too bad, I stopped using it in just a few weeks of creating it –, and that’s about 15 years ago. All I did was mark it as SPAM. To my surprise, I got another similar email a month or two later. I marked that as spam too. It was like a phoenix – always rising from the ashes (my SPAM folder). Now I was smarter – I set a rule to send all such emails (keywords specified) to a new folder I created, and named Pyrus Malus (an apple cultivar). Now every time the smart alecks send me that phishing email – I see one new unread email in Pyrus Malus. LOL time for me. Again.
VISHING is a more appropriate term since it simply stands for Voice + phISHING. Another type of nuisance is SMISHING – which by now I’m sure you have guessed correctly – SMS + phISHING.
SPAM:
This is a portmanteau word that stands for SPiced hAM. SPAM is derived from the act of SPAMMING which is defined by Wikipedia as Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for commercial advertising, non-commercial proselytizing, for any prohibited purpose (especially the fraudulent purpose of phishing), or simply repeatedly sending the same message to the same user.
SPAM, by itself, is harmless because it just refers to something unsolicited. Something you never asked for, but still got. It’s the content of such SPAM that could be a potential threat. Most email service providers (Google, Yahoo, Rediff, Outlook, etc.) have robust SPAM filters, and most of such unsolicited emails promptly land in your SPAM folder. Some, however, escape the watchful eyes of such spam filters, and do occasionally land in your inbox. It’s just a matter of time till you realize that, and ‘mark it as spam’.
As explained in my previous blog too, spam is sometimes a result of our careless behaviour too. You enter a shopping mall, and some wannabe canvasser approaches you with a LUCKY DRAW coupon, and convinces you that all they need is your name, mobile number, and email address. WARNING: all these 3 things (and a few other things) constitute your P.I.I. (personally identifiable information) – something which you should NEVER share – unless asked for by a legally verifiable organization e.g., Police, Court of Law, Insurance Company, your Bank, etc.
Not knowing best, most youngsters willfully give away such valuable information for free. Free? Charges? Confused? Yes – that information is charged otherwise by Google. How do you think credit card companies, life insurance agents, automobile insurance agents, non-banking finance companies, real estate companies, schools, colleges, etc. get your contact number? They buy that information from such data scammers. This time, you were the real culprits – you did not exercise caution. Without thinking twice, you gave away your valuable information to a perfect stranger. Reason? You got greedy. You thought you could win that LUCY DRAW – something nobody has ever won.
While most of you (only the smart ones) can avert this crisis – there are other places you just cannot avoid. A good example is websites that give you free software in exchange for just an EMAIL ADDRESS. No credit card details are required. You ask yourself, “What’s the harm? It’s just my email address they want. No big deal. At least they do not need my credit card details. So, it must be safe. Right?”. WRONG. It’s still your P.I.I. that you should never give out carelessly. Then you say, “What do I do? I need that software. It’s open source, and free. The website insists on getting my email address.”.
The solution is simple – temporary email. It’s a real thing. Just try this website. Copy the temp email from here, and provide it to all those email-hungry websites. There are some legitimate websites though – that really require you to sign in with an email address, and a password (newly created one). If you’re not sure whether you can trust website or not – just go to the W.O.T. website. Oh – WOT stands for ‘Web of Trust’. Enter the suspected website’s URL (address like http://…) here, and read the site review. If you’re convinced that it’s safe, then go ahead. Otherwise… Abort Mission! Abort Mission!
While there are more cyber nuisances, today, I’ll leave you with this thought. Till we meet the next time… hasta la vista, baby!!!