With the rise of the digital age, the necessity of information technology, and the prevalence of online transactions when doing business, it is no surprise that online security is high on the agenda of every business organisation around the world. Although the Internet – with its enormous advantages – has been an indispensable tool to companies when it comes to marketing, supply management, and distribution, it has also created a situation where a large quantity of data is now extremely vulnerable for identity theft and online fraud.
Hackers employ several methods to acquire one’s personal information (such as passwords, credit card numbers, and access codes) and use them for their own fraudulent purposes. Even leading e-commerce companies such as PayPal and eBay have been targeted by these hackers. Hackers use what is generally referred to as ‘phishing methods’ to steal personal information. Phishing is defined as a fraudulent method of acquiring personal information, usually via electronic communication messages, while posing as a legitimate entity.
What follows are some examples of the methods that may be used to trick you into revealing your personal information. It is an excellent idea to be aware of them and to make sure you report any such attempts to appropriate agencies for your own safety. For example, PayPal has an email address (email@example.com) where you can forward all suspicious messages you receive concerning PayPal.
In the US, there are incidents where emails are sent randomly to the general public, wherein the email purports to be from the IRS (Internal Revenue Service). These emails ask the receiver to provide his/her personal information in order to receive a large tax refund mistakenly deducted from their paychecks during the year. Of course, this is a nothing but an attempt to gain access to personal information.
Bank customers who do their banking online are also frequent targets. Usually, they get sent an email stating that there has been a security breach and that the bank now requires the customer to verify some personal information by entering it into a ‘secure’ form.
Another technique is link modification, where the link in the email is intentionally misspelled or modified in very slight ways so the perpetrator can use it to pose as the legitimate company to potential victims. For example, if Company A’s customer service email is firstname.lastname@example.org, a fraudulent email could be email@example.com.
Hackers might use an image message instead of text to avoid detection by phishing filters. In addition, a fraudulent website that looks exactly like the company’s legitimate website, using a slightly modified URL, is another way in which customers could be tricked into collecting their information.
Other methods of phishing include the use of phones or postal mail. Over the phone, the customer is asked to call a particular number and enter his/her information or provide it to a “customer service representative” to sort out problems with his/her bank account. Postal mail phishing will end up with similar results, only that with postal mail, letters are sent asking the customer to fill out a form with his/her information and then to mail it to back a specified address.
Although the risk of fraud and identity theft will always exist, there is no reason to panic unnecessarily. There are ways to protect yourself; at the very least, common sense is a way to ensure basic protective measures. Here are some tips:
- Do not use websites you don’t know, and always check the URL of a website that you are browsing, especially if there are any logins involved.
- Do not, under any circumstances, give out your credit card number via email or text message, or enter it on a pop-up window on the screen.
- Use websites that display a security certificate, and try to use only one credit card for all of your Internet shopping.
- Keep your personal information secured in a locked cabinet or a safe.
Remember that above all else, common sense is the best defense against becoming a victim of phishing scams. Double-check all emails and links you are sent, and always be stringent with how and where you give out your personal information. Prevention is always better than trying to find a cure later!