How To Avoid Phishing: 8 Tips For Protecting Your Digital Identity

  @LisaEadicicco on February 01 2013 9:57 AM
The New York Times said earlier this week that hackers from China infiltrated its computer system. (file photo) Reuters

As the Internet has evolved to accommodate more advanced forms of technology, so has its network of computer-savvy con artists. While many “phishing” scams seem to pinpoint unsuspecting users, two recent incidents have highlighted that no one is exempt from getting hacked -- not even the world’s biggest media companies.

Earlier this week, the New York Times said hackers from China had infiltrated the newspaper’s computer system numerous times over the course of about four months. These hacks coincided with the newspaper's coverage from October involving the wealthy relatives of China's prime minister Wen Jiabao. The newspaper launched an investigation after learning Jiabao’s relatives had accumulated several billions of dollars through business dealings, only to find that Chinese hackers had been tracking their computers ever since.

At the same time, the Wall Street Journal reported a very similar story -- that “phishers” from China had been monitoring its coverage of the country as well.

“The main problem is the bad guys know more about breaking in than the good guys know about keeping them out,” said Jeff Kagan, an independent mobile technology analyst. “It’s only after a break in occurs that business really gets serious.”

The term “phishing” refers to the act of sending emails disguised as messages from a legitimate company in order to coerce the user into revealing personal information. This can include banking information, email passwords, and other details that should be kept confidential.

Most users know to be careful when opening a suspicious email, but some crafty hackers have moved on to the social media front. In August, Mat Honan, of Wired, lost his entire online identity when hackers broke into every digital account he had.

“End users have less of a threat when they just have an email and Web account,” Kagan said. “They face a bigger threat when they operate their own gateways on the Internet.”

These scenarios are always unfortunate and sometimes unavoidable, but there are measures you can take to prevent them from happening to you.

1. Be careful about the information you send in an email. Never send passwords or other critical information. If you’re sending an email with a password-protected attachment, make sure the password is tough to break.

2. Choose the answers to your security questions wisely. Rather than simply being creative with your response, try to avoid answering the exact question. For example, if the question is “Where did you go to school?” try answering with your best subject or favorite teacher instead of the name of your school. Make it something very specific that only you would know.

3. Remember that hackers know how to gain the average person’s attention. If you find a random thumb drive in the library, with a compelling label, do not plug it into your computer.

4. If a website asks you for personal information, take a close look at the URL. In some cases the actual Web page may seem legitimate, but there will be subtle differences in the URL. For example, one phishing website posing as Twitter uses a page identical to that of the popular social network. The URL, however, begins with “iwltter” rather than “twitter,” according to a ZDNet column from Michael Krigsman, CEO of consulting and research firm Asurenet. Be especially careful when using mobile devices, since the Web address is in tiny print, which makes it more difficult to read on a small screen.

5. This may seem obvious, but always consider the context of the email. If you don’t know this person or the company name sounds unfamiliar, it’s probably a scam. In the same vein, don’t click any links from emails you don’t recognize.

6. Watch out for spelling and grammatical mistakes. This is a common trait among many fraudulent email scams. Some of these messages have been poorly translated from other languages or use letters from the alphabet to substitute for certain symbols to evade spam filters.

7. Check for a sense of urgency in the body or subject of the message. Scammers are known to send messages that urge users to take action right away. In general, phishing emails typically aren’t personalized, while a message from your bank always addresses you by name.

8. Be extremely careful with social media and mobile apps. Many games and networking applications ask to access your information, setting up the perfect opportunity to snatch your digital identity. Malicious apps pose a serious problem to the Google Play store in particular, in part because the open-source Android platform leaves a lot of room for hackers to manipulate Android Packages, better known as APKs. This is the type of file used to distribute and install application software onto the Android platform. At the end of December, an illegitimate developer was caught uploading malicious apps to Google Play with names that imitate other popular games such as Temple Run. To avoid these imposters, always check the app’s name and the studio behind it to make sure it’s coming from an authentic source.
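
The URL check from tip 4, as an added Python example that is not part of the original article: it flags hostnames whose labels sit within a small edit distance of a trusted name, such as “iwltter” for “twitter”. The allow-list, the distance threshold and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: sites the user really signs in to (assumption).
TRUSTED = {"twitter.com", "nytimes.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url: str, max_distance: int = 2) -> str:
    """Classify a URL as 'trusted', 'lookalike:<site>' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    # Exact match, or a real subdomain of a trusted site.
    if host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for site in sorted(TRUSTED):
        brand = site.split(".")[0]
        for label in host.split("."):
            # Brand name reused on a foreign domain, or a near-miss spelling.
            if label == brand or edit_distance(label, brand) <= max_distance:
                return "lookalike:" + site
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs; .example is a reserved test domain.
    for sample in ("https://twitter.com/login",
                   "http://iwltter.example/login",
                   "http://twitter.com.account-verify.example/",
                   "https://example.org/"):
        print(f"{check_url(sample):22} {sample}")
```

A check like this only catches near-miss spellings of names already on the allow-list; it does not replace reading the address bar.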

In a digital ecosystem ruled by social media and mobile devices, hackers have endless opportunities to obtain crucial personal data. Phishing can be as swift and stealthy as ever, and it’s important to take precautions when opening messages and sharing information.

“When you operate on your own servers, it’s up to you to protect yourself,” Kagan said. “Some companies do a better job than others, but no defense is perfect. There is always a threat.”
