Barbara Corcoran, an expert in real estate investment and adviser on TV’s Shark Tank, almost lost $400,000 to a phishing scam.
Phishing is defined as a “scam by which an internet user is duped (as by a deceptive email message) into revealing personal or confidential information, which the scammer can use illicitly,” according to the Merriam-Webster Dictionary.
Corcoran’s bookkeeper wired money to a scammer. She failed to note that the email address was one letter off the address for Corcoran’s assistant. The transaction was halted before the money was transferred to the scammer.
Twitter tricked by hackers
Phishing even caught one of the world’s largest social media platforms – Twitter.
Earlier this year, three young hackers took over the Twitter accounts of more than 100 celebrities, CEOs and political figures. The victims included then-presidential candidate Joe Biden.
The hackers, two in the United States and one in the United Kingdom, called Twitter staffers and tricked them into giving them access to an internal tool.
Armed with that information, the hackers gained access to the accounts and reset passwords.
Scammers use many methods
The FBI warns phishing is so successful, it has evolved and now has several variations that use similar techniques:
- Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls.
- Smishing scams happen through SMS (text) messages.
- Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.
If a sophisticated investor and a social media giant can fall prey to phishing, what chance do you have?
CDCR’s Enterprise Information Service (EIS) says there are many things you can do to protect yourself.
If you are cautious and follow some common-sense safeguards, EIS says you will be well armored against these kinds of attacks.
How to protect yourself
Here are some steps recommended by the FBI’s internet crime fighters:
- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
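The "one letter off" address in the Corcoran case, and the advice above to examine email addresses carefully, can also be checked by software rather than by eye alone. The following is an added example, not part of the original article: it compares a sender against a list of known contacts and flags near matches. The addresses, function names and the two-edit threshold are assumptions made for illustration.

```python
def edit_distance(a: str, b: str) -> int:
    """Count the single-character edits needed to turn a into b.

    An edit is an insertion, a deletion, a substitution, or a swap of two
    adjacent characters (optimal string alignment distance).
    """
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent swap, e.g. "exmaple" typed for "example".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_sender(sender, known_addresses, max_edits=2):
    """Classify a sender as 'known', 'lookalike' or 'unknown'.

    'lookalike' means the address is not on the list but is within
    max_edits of one that is; the second value is the address it imitates.
    """
    sender = sender.strip().lower()
    known = [k.strip().lower() for k in known_addresses]
    if sender in known:
        return ("known", sender)
    closest = min(known, key=lambda k: edit_distance(sender, k), default=None)
    if closest is not None and edit_distance(sender, closest) <= max_edits:
        return ("lookalike", closest)
    return ("unknown", None)


# Constructed sample data, not real addresses.
KNOWN = ["assistant@example.com", "bookkeeper@example.com"]

if __name__ == "__main__":
    for addr in ["assistant@example.com", "asistant@example.com",
                 "assistant@exmaple.com", "vendor@example.org"]:
        print(addr, "->", check_sender(addr, KNOWN))
```

A check like this compares characters only, so it does not catch addresses that swap in visually identical characters from another alphabet, or a trusted display name placed in front of an unrelated address.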