Some great advice from WSJ (subscription) as identity thieves continue to develop more sophisticated strategies to steal your identity. Moral of the story: You are your own worst enemy when it comes to giving up information when you should not be.

A few highlights and some strategies to protect oneself:

• Phishing is the most common online scam:

Online cons are called phishing. If you’re sure you already know all about them, think again. Those grammatically challenged emails from overseas “pharmacies” and Nigerian “princes” are yesterday’s news. They’ve been replaced by techniques so insidious, they could leave any of us feeling like a sucker…About 97% of all cyberattacks start with phishing, says Oren Falkowitz, chief executive of Area 1 Security. “It’s the biggest risk anyone faces.”

• Here’s a particular devious example that hit gmail accounts recently (from Wordfence)

The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there. It looks like this….

You go ahead and sign in on a fully functional sign-in page that looks like this:

Once you complete sign-in, your account has been compromised.

• Other techniques used by hackers (from WSJ):

Hackers prey on us with messages that appeal to our weaknesses, including:

Confidence: ‘Trust us, this is normal.’

Greed: ‘Get your cheap pills here!’

Urgency: ‘The boss says hurry up and click.’

Fear: ‘Your PC is infected! Click to fix’.

Shame: ‘Click here to see what everybody is saying about you.’

Lust: ‘Psst! Check out these nude celebs.’

Sloth: ‘Didn’t update your OS? Thanks!’

• Strategies to protect oneself:
  • Be vigilant: “It always pays to be vigilant. If an email doesn’t feel right, pick up the phone before you open an attachment or click a link. Or even better, don’t click at all: If you’re told to sign in to, say, Google or Verizon, type the address into a browser or open the app.”
  • Keep software up to date: Humans can help, of course—primarily by keeping software up-to-date: That scary Gmail trick I mentioned has been squashed in the latest version of the Chrome browser.
  • Use different passwords: using different passwords everywhere—which only Rain Man could do without the aid of a password manager. (Dashlane and LastPass are good options.) It’s particularly important to protect your email account, which can be used to reset other passwords if someone takes it over.
  • …and my favorite: Use two-factor authentication: “Turn on an extra layer of security called two-factor authentication (aka 2FA, two-step verification and login approval). It’s not foolproof, but it makes your password less valuable if stolen. These systems, already used by many corporations, usually ask for a code sent via text message or generated by an app or security dongle.

_________

Check out the NGPF Lesson on Identity Theft to help your students protect themselves from the increasingly sophisticated attacks of hackers.

About the Author

Tim Ranzetta

Tim's saving habits started at seven when a neighbor with a broken hip gave him a dog walking job. Her recovery, which took almost a year, resulted in Tim getting to know the bank tellers quite well (and accumulating a savings account balance of over $300!). His recent entrepreneurial adventures have included driving a shredding truck, analyzing executive compensation packages for Fortune 500 companies and helping families make better college financing decisions. After volunteering in 2010 to create and teach a personal finance program at Eastside College Prep in East Palo Alto, Tim saw firsthand the impact of an engaging and activity-based curriculum, which inspired him to start a new non-profit, Next Gen Personal Finance.