Steve F. lives in the suburbs of Kansas City, Missouri, and is a retired government employee. Steve had antivirus software and a firewall, and kept them up to date. He knew not to click on an attachment in an email if he wasn’t expecting it, and he knew that this precaution applied to email from friends as well as "unknown" senders.
One day last September, Steve received an email that appeared to come from his bank, asking him to logon to his banking and investment account to update his personal information. He clicked on the URL in the email and went directly to his bank’s Web site - or so it seemed. In reality, the URL in the email took Steve to a ‘look-a-like’ Web site. The site looked identical to his own bank site, so when he was asked for his account number, username and password, he automatically started to type them in. Then he remembered something he had heard at a talk given at his local Rotary Club approximately two months before.
The featured speaker talked about pishing attacks – specifically mentioning look-a-like Web sites. The key to recognizing them, Steve remembered, was that a bank would never send its customers an email with a link in it asking customers to click and log in to their account. “If you receive such an email”, said the speaker, “simply discard it.” So he did.
Steve had just been the latest intended victim of the very thing he’d recently heard about - a phishing attack. However, he remembered just in time the simple rule that a bank should never send a Web link asking for personal information via email. Had he entered the information he was asked for, the cybercriminals would have everything they needed to manipulate his banking investment account.
One day last September, Steve received an email that appeared to come from his bank, asking him to logon to his banking and investment account to update his personal information. He clicked on the URL in the email and went directly to his bank’s Web site - or so it seemed. In reality, the URL in the email took Steve to a ‘look-a-like’ Web site. The site looked identical to his own bank site, so when he was asked for his account number, username and password, he automatically started to type them in. Then he remembered something he had heard at a talk given at his local Rotary Club approximately two months before.
The featured speaker talked about pishing attacks – specifically mentioning look-a-like Web sites. The key to recognizing them, Steve remembered, was that a bank would never send its customers an email with a link in it asking customers to click and log in to their account. “If you receive such an email”, said the speaker, “simply discard it.” So he did.
Steve had just been the latest intended victim of the very thing he’d recently heard about - a phishing attack. However, he remembered just in time the simple rule that a bank should never send a Web link asking for personal information via email. Had he entered the information he was asked for, the cybercriminals would have everything they needed to manipulate his banking investment account.
No comments:
Post a Comment