Indiana University School of Nursing, Center for Professional Development and Lifelong Learning

Interesting, fun, short, and thought-provoking posts you’ll actually want to read and share

Phishing, Faking, & Fraud—OH, MY!

You may not think that this type of post belongs on a nursing professional development blog but cybercrimes are a BIG deal and and it’s everyone’s job to stay vigilant with our personal information and the personal health information of our students and patients. IU School of Nursing’s own Cindy Hollingsworth has written an excellent article for you to read and share.

Take it away, Cindy!

Phishing, Faking, & Fraud—OH, MY!

GonePhishing

Cybercrimes are the stuff movies are made of. Remember Angela Bennett (Sandra Bullock) in The Net (1995) who had her identity stolen? Or Sandy Bigelow Patterson (Jason Bateman) whose identity was stolen by Sandy Bigelow Patterson (Melissa McCarthy) in Identity Thief (2013)? Funny stuff, until it happens to you, and it is occurring to more and more people these days. CNN Money (2014) discussed a report from Javelin Strategy & Research that found identity fraud occurs every two seconds (Insurance Information Institute [III], n.d.) and impacted 13 million people in the US in 2014 (III n.d., Pascual, Marchini, & Miller, 2016). We often think that identity fraud occurs because someone keeps a carbon copy of your credit card imprint or rummages through your trash looking for documents with your Social Security number. Unfortunately, those committing fraud no longer have to do so much physical work; they simply go phishing.

The Federal Trade Commission (2011) defined phishing as people who impersonate others in order to trick them into giving up personal information. These scammers are sophisticated (and becoming more and more so) in their attempts to separate each of us from our assets; it requires each of us to be ever vigilant to avoid becoming the next victim.

Most of us are targeted by phishers through our email. We tend to get a lot of mail and computerpuke of it junk; couple that with our busy schedules and we tend to skim our emails rather than reading carefully; this causes us to not exercise as much caution as we should. We are now living in the perfect storm for a great phish harvest.

So what are the earmarks of a phishing scam? Phishers create emails that appear to come from legitimate sources and embed within them hyperlinks hoping you will click on the link. When you do, your browser takes you to a site that again appears to be legitimate (a spoofed site) and presents enough alarming sounding information to bait you into completing information that will allow the fraudsters to access your accounts or to begin the process of stealing your identity. There are even YouTube videos that teach individuals how to build a fake login page (Cols, 2015).

mybank.net

How are you supposed to know what to avoid? 

Here are some tips:

  • If you’ve never done business with that company before, it’s not legitimate.
  • Legitimate companies should never ask you for your social security numbers, login passwords or passphrases, or account numbers. If you are asked for personal information, discard the email message.
  • Businesses are very careful to present a professional appearance; phishing attempts often include typos or poor grammar. Additionally, a legitimate business with which you have a relationship knows who you are; they will never send a message addressed to “Dear Friend” or “Account Holder” or other ambiguous or vague salutation.
  • Fraudsters are very clever and may disguise a Web address and unless you read carefully, you won’t know the difference. A 0 and an O look very similar so if the legitimate URL is GetYourToyHere but is written as GetYourT0yHere, you may not notice the difference. Also, they may add a letter that your eye will easily overlook: BubblyToGo is very similar to BubbblyToGo.
  • There are large number of recipients on the message, both internal and external to your organization. Discard the message.
  • Don’t click links in an email message. It’s very easy to have the text on the screen look like one thing, but the actual link be something different. If you get an email message that is suspicious, point at (but don’t click) the link, look at the bottom of your screen and see if the URL that displays in the status bar is the exact same as what appears in the message itself.
  • If you think a message is legitimate, use your browser and go to the website directly then login. If the company has an issue they want you to address, you will generally find an alert in your account; don’t click on the link to go there.
  • When in doubt telephone the company!

phoneWe’ve talked about email phishing attempts, but many scammers still rely on the “old fashioned” way – the telephone. Whether you talk to the person directly or they leave you a voice mail message, remember that legitimate business should never ask you to supply personal information such as social security numbers, account numbers, passwords or passphrases – they already know that information. If you are the recipient of a phishing attempt, immediately report it to your business’s IT department; they may ask you to forward the message to them.But let’s say it was a sunny day and your mind was at the beach, and the bait was thrown right in front of you using a bright shiny lure and without thinking about it, you took the hook. Not only did you click the link, but you gave them the information they asked for.

Now what?

  • Don’t be ashamed; mistakes happen and any one of us may have a bad day. Fix it and kidcoveringface try to be more careful in the future.
  • Report it to your business’s IT department.
  • Immediately use your web browser and go directly to the company’s website and change your login information.
  • Notify the company of the incident.
  • Contact the three credit reporting agencies (TransUnion http://www.transunion.com, Equifax http://equifax.com, and Experian http://www.experian.com ) and ask them to put a fraud alert on your account.
  • Monitor your accounts carefully over the next six months minimum for any activity that you did not authorize

Don’t try to out-think the fraudsters. When we figure out one method they use, they’ve already figured out a dozen new ways to trick us. As we move into more and more electronic activities, these activities become more and more prevalent. Be cautious and alert; read carefully. Learn to live with a healthy amount of cynicism. If it feels fishy, it probably is. Move to the other end of the pier.

nophishingpier

Article written by

Cynthia D. Hollingsworth, MS, BS, AAS | Coordinator of Instructional Design
ELITE Center – Encouraging Learning, Innovation & Technology Excellence
Adjunct Assistant Faculty, Dept of Community & Health Systems
Indiana University School of Nursing

References

CNN Money. (2014). Identity fraud hits new victim every two seconds. Retrieved from http://money.cnn.com/2014/02/06/pf/identity-fraud/

Cols, M. (2015). How to create a fake login page |EASY & FAST|. Retrieved from https://www.youtube.com/watch?v=g9reBVmu6eM

Insurance Information Institute. (n.d.). Identity theft and cybercrime: The scope of identity theft. Retrieved from http://www.iii.org/fact-statistic/identity-theft-and-cybercrime

Pascual, A., Marchini, K., & Miller, S. (2016). 2016 Identity fraud: Fraud hits an inflection point. Retrieved from https://www.javelinstrategy.com/coverage-area/2016-identity-fraud-fraud-hits-inflection-point

Federal Trade Commission Consumer Information. (2011). Phishing. Retrieved from https://www.consumer.ftc.gov/articles/0003-phishing

 

Interested in learning how to use technology in your teaching? Check our our website for some online (facilitated and self-study) courses.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Information

This entry was posted on May 2, 2016 by in Uncategorized.
%d bloggers like this: