Phishing for Profit: How hackers hook our personal information

New year, new hopes, dreams… and phishing scams? Here we are in 2019. Energized at the thought of new beginnings. I wonder if the hackers get as excited as everyone else? Do they think “I can’t wait to roll out the new phishing scam – it’s gonna make last year’s look like a dud. Say sayonara to data privacy, sucker!” It’s absolutely frightening how slick malware creators are when it comes to phishing for profit.

Data privacy and phishing scams may seem like odd topics for a content creator’s blog until you know that I spent most of 2018 writing about information security, data privacy and compliance. So much time, in fact, that I found myself spouting off about it in everyday conversation. I made friends’ eyes glaze over. Yay, me!

Phishing is some evil stuff (here are the top seven of 2018). It’s so rampant because it is so profitable. Healthcare data is a favorite, because it’s so handy when stealing an identity and creating a new one. Just think of all the incredibly intimate minutiae in your healthcare record. So be on guard.

Five simple anti-phishing steps to help avoid being hooked.

  1. Beware of weirdly worded emails that are supposedly from a friend or trusted vendor. Always read, pause, then re-read before doing anything (phishing is one reason I take no action on chain emails or online games).
  2. Pay attention to unsolicited texts – don’t tap, swipe or otherwise act. If it looks like it’s from your bank or credit card company, but you haven’t set up text alerts, then it’s probably not legit!
  3. If you open an email and the logo looks a little fuzzy or the sender address is misspelled, don’t click on a link or download the file.
  4. If an email that claims to be from Microsoft misspells something in the subject line or email body, it’s not from Microsoft (the same goes for whatever company the sender purports to be).
  5. NEVER click through or tap on a link that takes you somewhere to enter personal information or reset a password unless you specifically asked for a reset from that vendor. Instead, take the time to go to a browser and manually enter the URL.

Personal data privacy is something we all need to guard.

We can be better at protecting it despite how entrenched we are in online transactions. Sometimes the best thing to do is simply pay attention. Start with these 4 basic activities:

  1. Use strong passwords, not convenient ones, when your sensitive data is at stake. Stumped? You can try one of the password generators listed here.
  2. Check your credit card activity regularly. Set up automatic notifications for charges over a particular dollar amount (this is a favorite for me on credit cards and checking accounts). And please, change your account log-in password if you haven’t lately!
  3. Pause before tapping unsolicited text links or clicking email links or attachments. Closely examine email sender addresses.
  4. Keep your health information to yourself. Personal health information (or protected health information, PHI) is valuable to hackers for identity theft. You can read more about it here. Healthcare providers and their vendors were hit hard last year, which means your PHI was, too.

It comes down to this: You can’t un-ring the bell. Being a phishing target is the price we pay for living in the super-connected cyber-verse, clicking, tapping, swiping, liking, following and buying. All you can do is be more aware of what you share, how and where.

I write for businesses, creating on-message, search-friendly content. To see some of my work, visit this privacy, information security and certification readiness firm, or this technology company offering a cloud-based platform for cybersecurity and information management.