Phishing for your personal info

by Nick Wright

Email security has become a multi-billion dollar business due to our justified fear of the wrong people getting access to our information.

This is not just a corporate problem as identity theft cost an estimated £2.7 billion and affected more than 1.8 million people.

One of the most common ways for thieves to gain access to your personal information is by getting you to give it willingly. This is phishing: an attempt to persuade you to hand over your personal information yourself. Phishers usually do this by sending out emails that appear to come from legitimate organizations, usually financial institutions or charities.

Scammers even create professional looking websites with logos and phony contact information to further convince you.

A recent case involving Xbox Live hit thousands of gamers, many of them too young to know how their information could be used. Players were sent emails with links to bogus sites offering them free Microsoft points that they could use to buy games.

After players entered their personal details, scammers took small amounts of money from their credit cards over the course of several weeks to make the theft more difficult to detect.

Other players have had their accounts hacked after being befriended by another player who coaxed personal details out of them in order to guess their passwords.

Despite being unsolicited, these emails may look legitimate so it’s easy to be fooled. However, a real company or charity won’t ask for this information via email.

Personal information is very sensitive, and most legitimate payments go through a secure server. You can identify a secure page because there is usually a lock icon in the bottom corner or in the URL bar. In these payment systems, the person processing your order can only see the last few digits of your card; they do not have the remaining digits or your security code. It is far more secure than giving your payment information by phone.

Choosing a unique password is another way to stay safe online, but remembering all of these passwords is beyond most of us, so we have been reusing the same passwords for everything. The danger here is obvious. If you reuse the same password and someone hacks one of your accounts, they have access to them all.

To reset your passwords, some sites have you answer a security question, but many do not. So if your email security is compromised, the person with access to your account can change your other passwords. Forgetting to log out of your account can also give anyone using your computer carte blanche to muck around with your digital life. Most of us at least know someone who has had an ex change all of their passwords, post nasty things on their Facebook, or send emails to family and friends from their accounts.

Some sites have begun adding another level of security: a random password generator linked to a personal code word or PIN. My bank sent me one of these little keypads a few months back.

Many people will tell you not to write passwords down, but if there is a site you don’t use very often, I don’t see any better way of keeping track of that in the near term. At minimum, though, you should be careful where you keep that information and memorize your 5-10 most important passwords. More importantly, you should always be careful what information you give out online.

Have you ever had your email hacked by a friend or an ex? Tell us about it in the comments section.
