How to guard against identity theft, email scams, and other cybercrimes this yuletide season
As the year winds down and harmattan winds signal the start of the holiday season, the discount sales, bonanzas, and promos that stimulate online shopping can quickly turn sour for many. For example, the urge to participate in the annual Black Friday sales in November could be just the trap con artists need to steal the credit card details, passwords, and identities of unsuspecting shoppers. According to the Anti-Phishing Working Group (APWG), 316,747 phishing attacks were recorded in December 2021, the highest number in history, with the financial sector being the most prominent victim.
What is Phishing?
Phishing is sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in order to trick the user into surrendering private information. Users are asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords, credit card numbers, or other information. However, the email or website is an imposter set up to steal any information the user enters. One of the reasons phishing succeeds is that the emails and the fake websites appear to be legitimate and are, most of the time, combined with typosquatting.
Typo what? You’re making this up, right?
Typosquatting is a form of cybercrime that involves hackers registering domains with deliberately misspelled names of well-known websites. Hackers do this to lure unsuspecting visitors to alternative websites, typically for malicious purposes. Visitors may end up at these alternative websites in one of two ways:
* By inadvertently mistyping the name of popular websites into their web browser — e.g. [gooogle.com](http://gooogle.com/) instead of [google.com](http://google.com/).
* By being lured to them as part of a broader phishing attack.
The hackers may emulate the look and feel of the sites they are attempting to mimic, hoping that users will divulge personal information such as credit card or bank details. Or the sites may be well-optimized landing pages containing advertising or pornographic content, which generate high revenue streams for their owners.
Typosquatting is not only a problem for users; business owners are also affected, not least because every stolen visitor is potentially a lost customer. For this reason, companies and organizations should keep an eye on falsifications of their websites and take action where appropriate.
How to be on the lookout
Be on the lookout for emails or calls asking for sensitive information, especially when it is not company or official protocol to do so. You should also watch out for emails from misspelled domains, and even from public email domains like @gmail.com. Remember, most legitimate employees of companies would use their official email address on the official email domain.
Additionally, emails or messages saying that you requested a password change, or that your account has been flagged for suspicious activity and you need to send “personal information” to verify the account, are red flags. Spelling errors are also common, as many scammers don’t know how to spell correctly.
Content that gives you a deadline to update something and says that failing to do so would lead to your account being suspended is a red flag too. So is a message that addresses you as “Dear Customer” or by your email address (“Dear [Joshua@kudy.io](mailto:Joshua@kudy.io)”), as most legitimate employees of companies would address you by your real name.
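The sender and greeting checks described above can be automated. The Python sketch below is an added example, not code from the original article: the domain lists, function names, and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
import re

# Assumed allow-list of domains the organisation really sends mail from.
TRUSTED_DOMAINS = {"google.com", "kudy.io"}
# Assumed list of public mailbox providers (not official company domains).
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}
# "Dear Customer" or "Dear someone@example.com" at the start of a line.
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer\b|\S+@\S+)",
                              re.IGNORECASE | re.MULTILINE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain_flag(sender: str, max_distance: int = 2) -> str:
    """Classify a sender address as trusted, public, lookalike or unknown."""
    domain = sender.rsplit("@", 1)[-1].strip(" <>\t.").lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if domain in PUBLIC_DOMAINS:
        return "public"
    for good in TRUSTED_DOMAINS:
        # Close to a trusted name but not equal: likely typosquatting.
        if 0 < edit_distance(domain, good) <= max_distance:
            return "lookalike:" + good
    return "unknown"


def red_flags(sender: str, body: str) -> list:
    """Return the red flags from the text above that this message shows."""
    flags = []
    verdict = sender_domain_flag(sender)
    if verdict.startswith("lookalike:"):
        flags.append("misspelled domain (" + verdict.split(":", 1)[1] + ")")
    elif verdict == "public":
        flags.append("public mailbox instead of official domain")
    if GENERIC_GREETING.search(body):
        flags.append("generic greeting")
    return flags
```

A small threshold keeps false positives down for short domain names; an "unknown" result still means the sender is not on the trusted list and deserves a manual look.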
Finally, do not give out sensitive information on unsecured sites, click links in unrequested emails, or download unsolicited email attachments. The effects of phishing attacks are grave. Loss of money, deformation of identity, and disruption of operational activities are just the top of the list, and they could also be the triggers of an unwinding domino of trouble.
A contribution by Musa Joshua from our Tech team.