The reports of phishing attacks over the holidays are starting to grow. The new wrinkle for hackers it seems is the use of artificial intelligence (AI) to improve a hacker’s ability to gather information and target a specific victim.
Most of those targeted victims are online shoppers who hackers have discovered have gotten lackadaisical in what they click on and are clicking wily-nily on anything and everything. That’s especially true in emails.
Cybercreeps are sending out offers by the ton, bombarding users' inboxes with links to deep discounts knowing that there are enough people who’ll click on links and hand over credentials.
“E-shopping continues to be a prime target because people are pre-programmed to click on links," Phishfirewall CEO, Joshua Crumbaugh told ConsumerAffairs. "Online deals bombard users' inboxes with links to deep discounts, and this adds fuel to the fire, creating the perfect scenario to get people to click on links and hand over credentials.
“With scams getting increasingly sophisticated, it's hard to say precisely what tactics the bad guys will use, but they are only after just a few things: Stealing your account credentials, your identity/financial information, or infecting your computer with malware/ransomware.”
A new PlayStation 5 or Dyson product on your wishlist?
Crumbaugh said that his company found that phishing attacks centered on hot but scarce items, and using those as bait are paying off for hackers.
“Fake discounts on hard-to-find items such as PS5's and Dyson hair products with the goal of stealing credentials are growing," he said. "We’ve also seen fake purchase alerts that attempt to infect your computer with ransomware and fake Amazon security alerts with the intent to steal your credentials.”
How to keep the phishers away
If you think that it’s Google’s or Microsoft's or Apple’s job to keep phishing emails out of your inbox, you might want to reconsider thinking that.
Yes, Gmail or Hotmail or Apple iCloud Mail try to keep phishing emails from getting in with their email spam filters, but scammers are cunning enough to find ways around those filters.
The Federal Trade Commission (FTC) warns consumers that it would be wise to add extra layers of protection to protect themselves from phishing attacks.
One of the agency's strongest suggestion is to protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.
And that password of yours? How long do you think it would take a hacker to crack it?
Another smart move is getting a password manager. Because if you do...
- It allows you to use harder-to-crack passwords. (If you want to see how weak or strong your password is, check it here)
- You don’t have to remember all of them.
- Plus -- and it's huge plus -- you can have a different password for every site.
That last point is a move that Dustin Heywood, a password specialist at IBM X-Force Red, says maximizes a person's password security.
"The reason passwords should not be the same between sites is that systems get breached, and then attackers [can] reuse passwords or even get passwords out of plaintext through phishing," Heywood told ConsumerAffairs. "This makes a password manager critical."