Even when we should know better, sometimes we let our guard down online. This last week, I got phished. Phishing is when malicious users trick you (sometimes without your even realizing it) into giving them sensitive information like usernames, passwords or credit card numbers.
This last weekend, I saw a post on a friend’s Facebook wall, by someone I’ve seen post there before, so I recognized their name and thought I could trust them. They were letting our mutual friend know that Southwest Airlines was giving discount coupons away on their Facebook page, and provided a short-link. It looked legitimate. “Wow! Cool!” I thought, “I fly Southwest sometimes, that would be great!” So I clicked the link. It “hung” and never seemed to go through. I was mildly disappointed and gave up.
Of course, what had happened before I did that was that the friend-of-a-friend (the one posting on my friend’s wall) had also done the very same thing, and when they did it, and when I did it, that action gave the malicious phisher access to my Facebook username & password. Most likely the phisher has this all automated, so that very soon after I gave away my info, all my friends started getting the same fake messages on their walls.
Sometimes, the phishing attempts are clumsy and clearly not on the up-and-up, but other times, they look very legitimate. The phisher/hacker is all about trying to get you to click the link or send the email.
Do they just do this for kicks? No. The phisher/hacker is hoping to gather enough information to perpetrate identity theft so they can make money.
If you’ve been phished, what should you do? On social media like Facebook and Twitter, it usually is enough to simply change your password. This will hopefully get the hacker & their bots out of your account. You may need to click a “forgot my password” link to get your password reset. This normally generates emails to the email address that you used when creating your account, which is a good way to keep track of changes to your account.
While I hope we can all avoid being phished, if you’re online much, it’s almost unavoidable. Hopefully, now you know what to do. Anyone have phishing stories to tell in the comments?