Phishing attacks are becoming more sophisticated in their exploitation of email accounts, social media profiles, personal and financial credentials of consumers. The aim of these attacks is to steal personal information and use it for monetary gains.
Cyber criminals can engage in phishing scams by installing malicious code in mobile and PC applications or stealing personal information from these devices. They can engage in social engineering to convince you to hand over your personal details or install malicious software under false pretenses. They can also call you on the phone, or email you asking to download something from a malicious, but legitimate-looking website.
A recent example comes in the form of the IRS tax scam. Hackers who disguise themselves as IRS personnel try to steal taxpayer payments. The Treasury Inspector General informs these hackers were able to gain $4 billion last year through fraudulent returns and personal credentials of taxpayers. In this year’s tax season, they had turned to using emails featuring a fraudulent case number and fake IRS Taxpayer Advocate service credentials.
The recipients of emails were asked to click on links to enable access to reported tax income or provide information about tax advocates. In reality, these links redirect to malicious web pages asking for personal information. Criminals redirect the information to third-party servers located across borders, and then sell it in the black market. A CBS report says 343 tax returns went to an address in Shanghai, China, last year, and 655 tax refunds went to a single address in Lithuania.
Apart from the IRS scam, a report says hackers have been using compromised dating accounts to develop relationships with members of dating websites before asking for money, sometimes through extortion. In this case, they were using a single compromised website to host fraudulent scripts.
Tightening security at your end : While you can always ignore fraudulent emails and forward any suspicious claims to the official email address of government and financial institutions for reconfirmation, there are additional steps you can take to protect your identity, such as the following:
Enhance browser and PC security : Modern web browsers include a phishing filter that can be activated to keep malicious websites and links at bay. Additionally, consumers can take advantage of new internet security solutions that have successfully blocked phishing before it did any damage. Trend Micro points out consumers can benefit from a solution that safeguards them against email phishing scams, identity theft, and also includes a secure browser for safe access to financial and banking websites.
Also, you can install a hardware and software firewall to bump up the security of your system. The integration of an advanced firewall may also act as a barrier to the malicious code and stop it from hijacking your web browser and infiltrating your computer.
Review emails and sites carefully : Apart from using security tools, you can track the IP address of an email and use it to measure the history of the sender. This can be done through an IP and email tracking service that is able to identify the IP address of a machine that a criminal may be using to hide identity.
Lastly, you can examine the websites and links inside the email. You can also check the web to see if others are receiving the same time of emails as you are (a quick Google search would do the trick). A rule of thumb to follow is: if the content or a website asks you to take urgent action, it is most likely to be spam.
Keep these considerations in mind to safeguard your financial and personal privacy.