Like many Americans, I have been using web-based portals to do banking and conduct investment transactions, and I even prefer to use PayPal to send money to my college-aged daughter.
Between my smartphone and laptop I probably complete 90 percent or more of my financial business electronically.
With this level of comfort, it’s easy to become complacent about security, but in the past month I’ve become informed about some new Internet scams people need to be aware of. These emerging scam techniques represent a real evolution in the sophistication level of the fraud.
The financial firms I use online do a good job of keeping security at a high level. Most require rotating passwords made up of a minimum of eight characters of multiple types. While these types of policies can be a real pain to keep up with, they do represent best practices.
There is another type of online account, however, requiring much weaker security procedures: the email account. Now in a scam being called “spear phishing,” fraudsters are hacking into lower security email accounts. Email hacking isn’t necessarily a new thing, but the way the thieves are behaving once the email is hacked has changed.
The spear phishing fraudster takes a slow and deliberate approach, logging into the hacked email frequently, watching email exchanges and discerning various relationships of the account owner. Once the fraudster feels they have an understanding of the victim’s relationships and communication style, they begin impersonating the victim, from the victim’s actual email account, requesting money from friends and financial information from the financial firms used by the email owner. It’s easy to imagine the damage that could be done by well-meaning friends and financial service providers.
The other technique is kind of a reverse of the impersonation technique. In a reverse spear phishing scam, the scammer still uses the email as the point of breach, takes his time observing the email box and then attempts to impersonate one of the legitimate financial services relationships of the email account owner. The impersonation usually involves a request for additional information such as a social security number, some type of account number or other personal financial information.
Where previous-generation Internet scams were often based in a “game of numbers,” with the scammer using email to find the one-in-a-million victim who makes a mistake or error in judgment, the current generation involves a much more focused approach.
Awareness is a huge part of the battle here. Rotate your email passwords frequently, watch your email account for unauthorized activity, and pick up that old-fashioned tool called the phone to verify anything seeming remotely “phishy.” A little bit of interpersonal communication can do a lot to prevent this type of fraud.