I am always astounded at how easily we are duped into falling for online scams, spoofs, and phishing tricks. Our want to click things that shouldn’t be clicked shows how trusting (or naïve) we all are. I really should put a Don’t Click That! Sign on my computer monitor, maybe as a background.
A good example was this week, we were getting my son a passport, and realized we didn’t have a long-form birth certificate for him. Naturally, I went online and used Google for “Ontario birth certificate” and clicked on the first entry there. Seemed legitimate. Sent it on to Mrs. C8j, who then sent me a note pointing out that this was not a Service Ontario link, it was in fact a different firm. This firm was a middle-man and would get you a birth certificate, but it would cost you a lot more. Mrs. C8j luckily found the Service Ontario link for Birth Certificates and ordered from there.
This is where we all are too naïve (me especially), assuming the first link that Google brings you must be the right place to click. People pay good money to get to that spot on the search engines, and nefarious folks use black-hat trickery to reach those places.
I had another incident where our curate at Church had sent me an email with a PDF file attached, but I didn’t recognize the e-mail address. He had sent it from his account, and I finally figured out that it was him but called him to confirm. Before I opened the PDF, I also ran an antivirus check on the file. Could I have still been tricked? Yes, quite easily. These are precisely the trickery the bad folks on the web use.
- An email with a hinky document attached (Word, PDF, Excel s/s, and others) from an email account that looks like either:
- A legitimate business that you might work with (A bank or Credit Card is a perfect example of that)
- An account from someone you know. This is usually if you are being targeted directly for an attack (like how they got the Democratic National Committee folks during the election last year).
- An email with a link to something that has been shortened or looks like a legitimate site. A good example is the phishing email my daughter received from “OSAP”
- A Tweet from a famous person announcing they would be magnanimous and let you make money with them? Don’t Click that, please!
- Any plea for money for the latest world catastrophe, never give money to organizations links you don’t know.
- A subscription update for a product you don’t use. My son keeps getting a re-up email from “McAfee”, but we don’t use their products. I tell him don’t click that.
- If you don’t recognize the link, or it has been shortened never click. There are sites where you can check a link, but I am not sure you should trust them either.
Famous who did Click That!
Banks, the CRA, Credit Cards, and most other institutions will not send you an e-mail with a link for things. If you think the e-mail from your bank is legitimate, go to your online banking site (not clicking the supplied link) and see if there is a message there.
Most banks and credit cards have an email account where they like to get copies of these sorts of naughty e-mails, so they can keep up with the nefarious nasty folk out there.
Just don’t click that! In the name of all security and protection DO NOT CLICK THAT!