I am always astounded at how easily we are duped into falling for on-line scams, spoofs, and phishing tricks. Our want to click things which shouldn’t be clicked shows how trusting (or naïve) we all are. I really should put a Don’t Click That ! sign on my computer monitor, maybe as a background.
A good example was this week, we were getting my son a passport, and realized we didn’t have a long-form birth certificate for him. Naturally I went on-line and used Google for “Ontario birth certificate” and clicked on the first entry there. Seemed legitimate, sent it on to Mrs. C8j, who then sent me a note pointing out that this was not a Service Ontario link, it was in fact a different firm. This firm was a middle-man and would get you a birth certificate, but it was going to cost you a lot more. Mrs. C8j luckily found the Service Ontario link for Birth Certificates, and ordered from there.
This is where we all are too naïve (me especially), assuming the first link that Google brings you must be the right place to click. People pay good money to get to that spot on the search engines, and nefarious folks use black-hat trickery to reach those places as well.
I had another incident where our curate at Church had sent me an email with a PDF file attached, but I didn’t recognize the e-mail address. He had sent it from his personal account, and I finally figured out that it was him, but called him to confirm. Before I opened the PDF I ran an antivirus check on the file as well. Could I have still been tricked? Yes, quite easily. These are precisely the kind of trickery the bad folks on the web use.
- Email with a hinky document attached (Word, PDF, Excel s/s, and others) from an email account that looks like either:
- A legitimate business that you might work with (A bank or Credit Card is a perfect example of that)
- An account from someone you know. This is usually if you are being targeted directly for an attack (like how they got the Democratic National Committee folks during the election last year).
- Email with a link to something that has been shortened or looks like a legitimate site. A good example is the phishing email my daughter received from “OSAP”
- If you don’t recognize the link, or it has been shortened never click. There are sites where you can check a link, but I am not sure you should trust them either.
Banks, the CRA, Credit Cards, and most other institutions will not send you an e-mail with a link for things. If you think the e-mail from your bank is legitimate, go to your on-line banking site (not clicking the supplied link) and see if there is a message there.
Most banks and credit card have an email account where they like to get copies of these sorts of naughty e-mails, so they can try to keep up with the nefarious nasty folk out there.
Just don’t click that !