I occasionally investigate account hacks or take-overs. This is one of those situations where an ounce of prevention is worth more than a pound of cure.
The majority of accounts, social media or bank accounts, are hacked because the user unwittingly gave the hacker all the information they needed: their username and password. The most common method of doing this is through a phishing (pronounced: "fishing") scam.
The target gets an unsolicited email from what looks like a legitimate source (bank, Facebook, etc.). The email may say, "We have found possible fraudulent activity on your bank account. Sign in to verify your purchases." The panicked target will click on the link or button provided in the email. They are taken to a website that also looks legitimate. They enter their username and password and press "enter." The target has just entered their log-in information into a shell site, and their username and password were sent to the hacker, who is now quickly logging into the target's account and taking their money.
These two screenshots are examples of phishing emails. One is for PayPal and the other is for Facebook. How can we tell if an email is legitimate or not? Have a close look at these emails and then below we will explore the tell-tale signs of a phishing scam.
How we can tell if we are the target of a phishing scam:
- Always regard unsolicited emails that request your personal information with skepticism. It is unusual that a bank or social networking site will email you about fraud. Usually, banks will call you on the telephone. Regardless, close the email and go directly to the website on your browser, or call them with the number printed on your bank statement.
- Never click on any links or attachments in the email. It is critical that you NEVER click through to a website or open an attachment from an unknown/unsolicited email. Clicking on a link may take you to a fraudulent website, and opening an attachment could launch an application on your computer that will infect your system with a virus or malware. One particularly bad malware going around is "ransomware." It is a program that locks up the contents of your computer and can only be unlocked if you pay the people who did it. These people live in Russia or China, making prosecution impossible.
- Check the destination of the links. If you hover your cursor/pointer over the link in the email (do not click on it), you will see the link's destination (see the above Facebook email). You will see that the destination web address is NOT your bank or Facebook.
- Read it carefully. Many of these scammers are from foreign countries. English is not their first language. You will commonly see misspelled words or obvious grammar mistakes.
You are now probably asking yourself, what do I do if I get one of these emails? Do I call my local police agency?
If you are a victim of Internet crime, report it to: The Internet Crime Complaint Center (IC3). IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
Parents, share this information with your child who has email and social networking accounts. Your children are easy prey to these phishing scams. Their Instagram account can be taken over by a hacker, ransomed or used for some other nefarious purpose.