Don’t be bait for the bad guys

Column by Andrea W. Doray
Posted 4/27/22

I regularly catch two to three per hour and sometimes I can net dozens in a single day. Not to mention the occasional overnight haul. And such a variety!

This item is available in full to subscribers.

Please log in to continue

Username
Password
Log in

Don't have an ID?


Print subscribers

If you're a print subscriber, but do not yet have an online account, click here to create one.

Non-subscribers

Click here to see your options for becoming a subscriber.

If you made a voluntary contribution in 2021-2022, but do not yet have an online account, click here to create one at no additional charge. VIP Digital Access includes access to all websites and online content.


Our print publications are advertiser supported. For those wishing to access our content online, we have implemented a small charge so we may continue to provide our valued readers and community with unique, high quality local content. Thank you for supporting your local newspaper.

Don’t be bait for the bad guys

Posted

I regularly catch two to three per hour and sometimes I can net dozens in a single day. Not to mention the occasional overnight haul. And such a variety! “We’ve been trying to reach you ... you are entitled to compensation!” Or “Click here to check the status of your command.” And “Claim your complimentary chips to play at Lucky Casino!” Plus, what catch would be complete without the ubiquitous offers of coupons, discounts and even more free stuff?

I’m referring, of course, to phish, phishing emails to be exact. Phishing is the fraudulent practice by cybercriminals of using emails to induce people like you and me to willingly — and usually unwittingly  —  provide our personal information, such as passwords and credit card numbers. 

These emails often appear to come from reputable organizations. I get a spam net full of emails from recognizable “sources” such as Amazon, Kohl’s, Walgreens, GEICO and CVS ... some of which I actually do patronize. By the way, the “command” referenced above means my “order” from Amazon. 

I’m often threatened by the “IRS,” by any number of virus detection companies, “PayPal,”... on and on and on. “Someone has run a background check on you!” or “Negative items have been added to your credit report!” 

To combat truly awful consequences, I must “Take action NOW or [fill in the blank with disaster]!” Some emails are elaborately engineered, mirroring organizations’ actual graphics (known as spoofing) to reel in even more than my personal info ... I must send money orders or Bitcoin to retain my protection, avoid arrest or – gasp! – risk exposure for my supposed online viewing behavior. 

Fortunately, both my Gmail and Outlook email accounts cast wide nets, snaring most of these nefarious messages in spam filters, which I then promptly report. But here’s the thing about phishing emails: our spam-catchers are overwhelmed. 

Researchers estimate that of the 15 billion emails sent to our unsuspecting inboxes daily, more than 45 percent (and perhaps up to 75 percent) of this global content is spam. That’s a pretty big kettle.

So I’d like to be your guide to spotting – and catching – phishing emails before something rotten happens. First, always check domain names ... that is, where the email is being sent and where it’s coming from. 

For example, I received a phishing email to “dzdvffsd52az0@gmail.com.” Hmmm. And the sender? “Skinny199811@googlemail.com.” Surprisingly, I don’t know Skinny 199811 (and googlemail.com is not a legitimate domain).

Grammar and spelling errors are rampant, as is unusual language — that “command” instead of “order,” for instance. And one of the most recognizable hooks is urgency: Act NOW or something really really bad is going to happen to you, even if it’s missing out on one of the best offers you’ve ever received in your whole entire life. 

Don’t bite! If you’re concerned, or maybe just curious, input the URL of the organization by hand to check if something is truly amiss.

I also still receive the “foreign prince” emails from kind-hearted souls around the globe who desire to leave their substantial inherited wealth only to me ... if I provide my bank account for the deposit. 

But today’s sharks are much more sophisticated. With one in every 99 emails likely to be a phishing attack, without a strong line of defense, we’re all often little more than bait.

Andrea Doray is a writer who wants to remind us that the businesses and organizations being spoofed are also victims here. Contact Andrea at a.doray@andreadoray.com.

Comments

Our Papers

Ad blocker detected

We have noticed you are using an ad blocking plugin in your browser.

The revenue we receive from our advertisers helps make this site possible. We request you whitelist our site.