The bad folks who create tasty bait phish messages to try and get your login information and other personal details continue to hone their techniques. Now they'll even use compromised Facebook accounts to phish the friends of that account with messages baited with phishing links. We're at the point now where not even legitimate accounts can be trusted to be phish-free.
Never, under any circumstances, provide login information unless you explicitly went to a legitimate login page yourself via a saved favourite or known trusted URL.
You may have been swayed by a warning of a bad situation. You may have been enticed by a prize. You may have your heart strings tugged by a request for assistance to a good cause. You may be offered the gift of a government energy rebate. You may have fallen for the claim of a critical account problem. There will always be a sense of urgency. These kinds of enticements are by design. They are trying to bypass your logic and common sense, and tweak your emotions.
The malicious links you click will take you to login sites that look legit. They won't necessarily have typos. You might even get something via Messenger from an actual friend, or an SMS text from (supposedly) someone you do business with. Don't walk into the trap.
Any time an unexpected link or attachment message warns of impending doom, never take the bait. Always follow up by contacting the party via other, known, legitimate means. That means calling the number you have on file or on their legit website. Even responding to the sent email could be a trap, especially if their email service has been compromised.
Here's a typical scenario:
You receive an email or SMS text or voicemail or Facebook message that your bank account has been compromised and you need to log in to fix it.
There's a 99.999% probability that it's a ruse, a fake. But all you'll think about is the 0.001% chance that it's real. Fine. Check it out, but not by responding to the initial communication. Never do this. Instead go to your bank site the same way you always do. Or call their number - the one that's published on their web site, not the one in the message. Or go into your branch. Check if your account is safe. It will be.
Bonus tip: No legit institution demands Bitcoin as payment for something you owe. No legit institution threatens sending the police.
Remember my motto: "If it's unexpected - suspect it!"
No comments:
Post a Comment