Cygale Pennant | Beware of phishing
“Do you have any Queens?”
“Do you have any Kings?”
Yes, this is a game we may have played. Each player fishes for cards, in pursuit of as many pairs as possible and, ultimately, of winning the game.
Today, scammers are on the prowl, going after our personal information, the ultimate prize being the access to our bank accounts and credit cards; or worse, identity theft – this is phishing.
As users of this digital space we have all seen it, though many of us may not know that a word exists for it in the English lexicon.
I asked my colleague Lori-Ann Tugwell, crown counsel at the Office of the Director of Public Prosecutions, whether she has ever received a phishing email. Her initial response was, “I do not know what phishing is”, but after giving it some thought, she quipped, “Is that when you receive an email from someone in the Middle East that they have land to sell, but in reality there is no land?” Indeed, that is one form, especially if you are requested to click a link and input personal information for further details.
Phishing scams come in many forms. Some will ask you to click on a link to verify that an account belongs to you. When the link is clicked, you are taken to a website that asks for your personal financial information, ultimately opening the door to identity theft.
You might receive an email warning you that your email account is full, and you are in danger of losing your emails. Again, you are asked to click on a link that captures your personal information or installs malicious software (malware) that steals data or destroys your computer.
The ingenuity of scammers has no bounds; a multitude of techniques are used to get information from their targets. These include:
1. Social engineering
This is where a target is coerced into divulging sensitive information through the art of persuasion. For example, a scammer may pretend to be a family member with an emergency, pressing you to urgently send money to them.
2. Hyperlink manipulation
Here, the text of a legitimate URL is used to disguise a link to a phishing website. For example, you may have thought that you were navigating to your bank’s support page, but you discover that you were taken somewhere else.
A phisher registers a domain that is very close to a legitimate domain, hoping that their target will not notice. For example, a phisher pretending to be a Netflix support representative might create a phishing site under the URL ‘Nettflix.com’ (notice the extra ‘t’ in Netflix).
4. Artificial intelligence (AI) voice generators
This is where a phisher uses AI voice generators to impersonate family members or persons known to you, to coerce you to divulge sensitive information.
HOW TO IDENTIFY PHISHING EMAILS
1. Pop-up advertisements
Scammers often add fraudulent messages that pop up when you visit legitimate websites. These pop-ups will warn you that your computer is infected and instruct you to call a phone number or install antivirus protection. These advertisements are used either to install malware on your computer or to entice you to pay for a computer clean-up that you do not need. Avoid pop-ups at all costs!
2. ‘Too good to be true’ offers
If an offer sounds too good to be true, it most likely is. Do not become overly mesmerised by offers such as an incredibly cheap vacation.
3. Requests for personal information
It cannot be overly stressed that your financial institution or network provider will never ask for your Tax Registration Number, bank account number or PIN via email. Never provide these details in response to an email.
4. Spelling and grammatical mistakes
When compared to a few years ago, scammers have got better at avoiding grammatical errors. However, if you receive an email littered with typographical errors, that email is likely a phishing email.
5. Generic greetings
Instead of being directly addressed to you, phishing emails might start with a non-specific greeting, such as ‘Dear Sir/Madam’ or ‘Dear Account Holder’.
6. Requests for immediate action
Phishers need you to act quickly, without giving the matter any real thought. This is why they send emails asking you to immediately click on a link or send account information to avoid the suspension of your bank account.
Domonique Martin, crown counsel at the Office of the Director of Public Prosecutions, in offering guidance on what to do should you become the recipient of a phishing email, said that upon receiving these emails, her best defence is to not open them, but to block and delete them, and commends this practice to all.
Tamara Merchant, assistant director of public prosecutions, added to what Martin said: she responded by deleting the emails immediately and making a report to the Federal Bureau of Investigation (FBI) Internet Crime Complaints Centre. She also reported the phishing attempt to the legitimate company, highlighting that in one case this was Amazon.
Merchant stressed that in reporting phishing emails, we are protecting other potential targets.
WHAT DO YOU DO IF YOU FALL FOR A PHISHING SCAM?
1. Contact your financial institution, so that they can freeze your accounts to prevent unauthorised purchases.
2. Immediately change your banking passwords. Use long and complex passwords that include a combination of numbers, letters and special characters.
3. Enable two-factor authentication (2FA). This requires entering a second source of information, such as a code sent to your smartphone, to access an account.
4. Alert the Credit Bureau to prevent scammers from opening credit accounts or taking out loans in your name.
As highlighted by Merchant, an unfortunate truth is that “a successful phishing attack can ruin your company, your finances and your personal reputation”.
As such, as we navigate this digital space, vigilance is paramount. Our digital fortitude should be indestructible, so that when scammers cast their nets, it remains like the net of Simon-Peter and Andrew that fateful night on the Sea of Galilee…empty!
Cygale Pennant is crown counsel at the Office of the Director of Public Prosecutions, Cyber Crimes Unit. October is recognised as Cybersecurity Awareness Month. Send feedback to email@example.com.