Checklist 274: Crime Does Pay (But It Should Still Be Stopped)
This week on The Checklist:
- A phishing awareness refresher
- Mysterious texts from … you?
- Takeaways from the 2021 FBI Internet Crime Report
A phishing awareness PSA
A recent CNET piece offered some excellent tips for protecting yourself from phishing. We’ve talked about phishing before on The Checklist, including the more modern QR-based phishing scams.
But with scams and phishing attempts on the rise, we figured it’s a great time to share some helpful information. Here’s what CNET recommends:
Don’t disclose personal information on social media.
We’re not talking about commenting on a friend’s post, or putting up a vacation picture. This is more about public-facing posts and pages: the things that the whole world can see. You know all those “fun facts about me” viral posts, or the personality quizzes that you see on Facebook sometimes? Some of these are phishing attempts in disguise. Bad actors use them to find clues to password reset questions, or material to use in social engineering attacks.
Consider the source.
If you get an email, text, or call from someone, take a second to think about it. Do they have a reason to be emailing you? Have you ever corresponded with them before? If something seems off, don’t reply to the email or click on any links.
Consider the text.
Phishing emails are notorious for having grammatical errors, misspellings, and strange layouts. If an email just looks … wrong, then it probably isn’t legit. That’s especially true when you’re talking about big companies: Apple is unlikely to send you an email with basic spelling mistakes, or one that begins “Hello my dear”!
Take a breath.
Many phishing attacks attempt to create a sense of urgency (or outright panic) to get you to act without thinking. So slow down and ask yourself if the request even makes sense. Would your bank ask you for your password over email? No. Would the IRS call you and tell you that you have one hour to act if you want to avoid arrest? Not going to happen.
Don’t click on these links!
Last week, Apple Insider ran a report about Verizon users who were receiving some fairly odd texts: texts that appeared to originate from their own numbers!
According to Insider, the texts had several things in common. For one thing, the messages all told the users that their “bill had been paid” and then offered a “free gift” if they clicked on a link. And, bizarrely, the messages seemed to come from the user’s phone: If you tapped on the incoming number on one of these texts, you’d see your own contact card!
So what were those links, and who was really sending them? That’s a bit of a mystery. Some of the links connect to Russian websites, but Verizon says that it hasn’t seen evidence that the texts are actually originating from that country. At the moment, no one really knows what’s causing these texts, or who is behind them.
One thing that we can say for certain: You shouldn’t click on these links! The best thing to do when you receive an unknown or suspicious text—even one from yourself—is to just delete it. If you want to go the extra mile, take a second to report it as spam to your carrier. But whatever you do, you don’t want to click on or download anything in a situation like this.
The FBI’s cybercrime year-in-review
The FBI has published its annual Internet Crime Report. Here are some of the key takeaways:
- Cybercrime is up. Internet crime complaints in 2021 surpassed 2020 by 7%, and 2019 by a staggering 81%!
- Cybercrime pays — like, a lot. The FBI says that people lost around $6.9 billion to internet crime last year, up a whopping $2 billion from 2020.
- Perhaps surprisingly, the biggest threats seem to be the most basic. It’s not the sophisticated 0-days and powerful nation-state malware that people should worry about the most. The FBI says good old-fashioned phishing attacks, delivery scams, and personal data breaches were the top forms of cybercrime last year.
So what can you do to protect yourself in this increasingly dangerous landscape?
Here’s where to start: Always remember that it’s a jungle out there. The bad guys will try to exploit just about everything: Valentine’s Day, tax season, wartime charity relief drives, and more. You name it, a bad actor will try to take advantage of it. The problem is getting worse, and it’s not likely to improve any time soon. So the first thing to do is to be aware that there is a serious problem, and to be vigilant.
Next, do what you need to do in order to keep yourself and your loved ones safe. This means learning and following best practices for good cybersecurity — and sharing them with the people in your life.
And please note: When we say “best practices”, we’re not talking about anything arcane. We just mean things like the phishing awareness tips discussed on today’s show; using good passwords; turning on two-factor authentication; steering clear of unknown apps; and regularly updating your devices.
We know that all of this probably seems basic, especially if you’re a regular listener, but the harsh truth is that most of the cybercrime in the FBI’s report actually was pretty basic — and yet people were still victimized to the tune of nearly $7 billion. There is still a lot of work to be done when it comes to improving cybersecurity awareness. So please share this show, share what you know, and help make the world a little bit safer!