The Unfortunate Truth about Email & Text Phishing


When we refer to account hacking, it usually isn’t as cinematic as Hollywood would lead you to believe. More often than not, accounts get hacked due to the following:

  1. Having weak passwords

  2. Password sharing

  3. Text Phishing

  4. Email Phishing

  5. Scam calls

  6. Catfishing

It all seems a little underwhelming when you think about it, but what can happen as a result of hacking is anything but underwhelming.

It is estimated that 95% of students, whether they know it or not, have been victims of hacking to a varying degree by the time they leave high school.

Unlike hoaxes, scams are intended to get money or something else of value from their targets, like your personal information or remote access to your device. The Office of the eSafety Commissioner has some good information on identifying, avoiding and reporting scams. Many of the precautions that will help protect you from scams are part of being a good digital citizen, such as:

  • being aware of and using your social media privacy settings

  • using strong passwords

  • taking care with your personal details

  • using anti-virus software and keeping it up to date.

Let’s take an expanded look at the contributing factors to most hacks.

Weak Passwords

Over 5% of the world uses one of the aforementioned passwords, making basic hacking efforts simply a numbers game.

Research has found that most people, when creating passwords, use family or pet names at the start, followed by numbers and/or symbols at the end. Because this pattern is so common, some hackers have created code systems which, with around 5 key points of personal information, can quickly generate a list of potential password options for your accounts.

The key is to have a password that is hard to hack but easy to remember. An easy formula for password creation is to think of a sentence that is of value to you and then use the first letter of every word within that sentence, then for good measure throw some figures and numbers in there that have no significant personal value. This way you are left with a password others won’t be able to guess but you’ll remember.

Sharing Passwords

Over 80% of students say they have shared their account passwords with friends or family at some point. Most cases of password sharing are for the use of streaming and/or social media accounts. This may at face value sound harmless, however, research has shown that nearly 1/3 of students use the same password across multiple accounts including their bank account login.

A quick fix for this particular scenario is to enable two-factor authentication on your bank account.

Phishing

Phishing is the name given to scams that focus on getting your personal details, with the end goal of being able to impersonate you online. The less personal information you share online publicly, the more you are protected from these sorts of scams, as they often rely on piecing together enough information to seem genuine. Phishing usually comes in the form of texts or emails.

Text Phishing

Have you ever received an unexpected text message that reads something like this: “Congratulations! You just won $1 million dollars!”? According to mobile data research, across a seven-year period of having an active phone, mobile owners have a 100% chance of receiving a phishing text message much like the above example.

Although it can be funny to reply to these texts, the best thing you can do when receiving these messages is to simply not engage. If you do respond, your details go onto a secondary data list which will continue to text and sell your details to other hackers. The hacking process entails fishing out amongst a sea of numbers, waiting for responders and confirmation of active accounts.

When you text back, whether you like it or not, you’re giving the hackers more information about you than you think, such as:

  • Confirming that they have accessed an active phone number that is linked to an individual

  • Showing that you may be gullible and can be persuaded into taking further action

Once more to be clear, the key here is to not respond in any form and simply let the phishing efforts fall short.

Email Phishing

Much like owning a mobile, having an email account will serve as a lightning rod for email phishing and scams. The most popular hack emails come in the form of easy-money opportunities or threats regarding the release of private information in a public setting. Both scenarios often require financial transactions in the form of Bitcoin or other decentralised cryptocurrencies that are almost impossible to trace.

In not-so-distant online history, there was the now iconic Nigerian Prince scam. We all laugh at the ridiculous nature of the scam, yet this particular hack has brought in over $10 million of innocent online users’ money over the years, including the CEO of a bank.

How to spot a scam email

Scam emails are notorious for quite often having intentional spelling and/or grammatical errors throughout their initial mail-out. This is in an effort to feel out and secure oblivious and gullible email recipients. More often than not if an individual can spot these errors, they’re less likely to consider the legitimacy of the email.

Scam emails often provide clickable links with prompts for the recipients to click on and interact with. These URLs lead to duplicated websites that hackers have set up in advance to record the username and password you type in.

In general, it is good practice to only download files or click links from trusted sources. Some files can also contain malicious software (or ‘malware’) that allows someone else to gain remote access to your device. Anti-virus software can protect you from most malware if it is kept up to date, but not downloading mystery files is the single best strategy to avoid malware.

It’s very easy for hackers to find a person of interest’s contact details and proceed to reach out to them. Often hackers buy databases, go on company websites or simpler still, find the person’s social media accounts and email their username. Your account will redirect this email to your inbox and from there they can try to convince you to click on a link of interest.

If you interact with these phishing emails at all, there is a likelihood the hacker now has:

  1. Your name

  2. Potential contact details within your email signature

  3. Possible username/password entries recorded from faux email links.

With these 3 points of information they can begin attempting the hacking process with either a password hacking dictionary or the recording they now have in their possession.

How to counter scam emails

  • Disable all email notifications from all social media sites: this way you’ll be able to identify any future social media related emails as hacks

  • Only check notifications from the official social media apps themselves

  • If there is a link attached, hover over it to make sure the website is spelt correctly. If in doubt, copy and paste the link into Google to double-check.
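The "is the website spelt correctly" check from the last tip can also be automated. The sketch below is an added example, not part of the original article: it compares a link's real host against a short list of official domains and flags misspellings and decoy names. The `TRUSTED` list, the function names and the sample links are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): replace with the sites you really use.
TRUSTED = ("instagram.com", "facebook.com", "paypal.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Classify a link as 'ok', 'unknown' or 'suspicious: <reason>'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious: not a normal web link"
    if "@" in parts.netloc:
        # Text before '@' is a username, not the site the browser connects to.
        return "suspicious: text before @ is not the real site"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: encoded look-alike characters (punycode)"
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "ok"
    # Simplification (assumption): the last two labels are the site name,
    # which is wrong for suffixes such as .com.au.
    site = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        if edit_distance(site, good) <= 2:
            return "suspicious: misspelling of " + good
        if good in host:
            return "suspicious: " + good + " used as a decoy inside another site"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    for link in ("https://www.instagram.com/accounts/login",
                 "https://instagrarn.com/login",
                 "https://paypal.com.account-verify.example/login",
                 "https://paypal.com@203.0.113.7/login",
                 "https://example.org/"):
        print(link, "->", check_link(link))
```

An "unknown" result only means the site is not on your list; it still deserves the manual check described above.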

Scam Calls

Chances are if you have had a phone for more than a couple of years you would have received a call from a scammer. They often say they are calling as a representative of a recognised public authority such as the police, government or debt collectors, all of which are contacting you with an urgent agenda.

How to counter scam calls

Follow these 3 simple steps whenever you receive a suspicious call:

  1. Make sure to ask up front what the call is in regards to and what department/organisation they are from.

  2. Search the organisation online and if it is a real and trustworthy organisation, proceed to contact them with the number listed on their website (not the number that was given to you from the original callers).

  3. Confirm the identity of your original caller and whether or not the claims made about you are legitimate.

A simple fact to remember in regards to phone calls from official departments is that police, government workers and debt collectors never ask for payment details over the phone. Always make sure to request confirmation of the caller’s particular department, the caller’s name and their agent number.
