Why are people still being hooked by phishing?
By ATB Financial 13 March 2019 4 min read
You’ve likely heard of phishing, a tactic used by fraudsters to get personal information, credit card details, and ultimately money via electronic communication. So, those emails you get asking you to verify information, or telling you you’ve won something, those persuasive requests to click on a link—that’s phishing. And its ultimate goal is to perpetuate fraud.
We know about this. We’ve heard the warnings. So why are we still falling victim?
We take the bait.
“They still do it because it’s successful. That’s why they continue to do it.” That’s the simple answer from Chris Casement, Channel Fraud Specialist at ATB Financial. He says in a lot of cases people who fall victim are in an older age bracket. Many of them are embracing the convenience of a computer, tablet, or a smartphone, and things like emails or text messages are still relatively new. These users can be duped by emails that direct them to “fake” websites that look legit.
But make no mistake, we are all being targeted.
“They don’t just target the elderly,” says Vivienne Nicol, ATB’s Senior Manager, Fraud Prevention.
“They go after businesses, they’ll hack into people’s email accounts and send emails supposedly from a director or someone high up in that company trying to access information. It’s not just seniors. It’s definitely widespread.”
Criminals are casting wider nets.
“The scariest part about all of this, is that the fraudsters don’t even have to be technically savvy anymore,” says Chris. “They’re buying these programs off of forums and executing them themselves. The hackers have already done the work and built the program that does all of the terrible things to these people…they’re just buying the program and hitting start.”
Those programs can target millions of people in just seconds. And if you’ve ever gone fishing, you’ll know the more lines you have in the water, the better your chances of getting a bite.
And who’s at the other end of those lines? The answer from Vivienne is less than reassuring.
“The people who are doing this, this isn’t a couple of teenagers working in their basement. It’s organized crime. It’s huge groups of organized crime.”
Attempts to catch these criminals are complicated.
“They’re using international proxies so it may look like they are sitting in Canada a few blocks away but they’re actually sitting in a different country.” And while organized crime may be casting the net, there are smaller players reeling in the catch. Intermediaries are at work right here in Alberta funnelling the funds.
“Sometimes the people perpetrating the fraud are victims of fraud themselves,” says Chris. “They’ve fallen for a get rich quick scheme. They are filtering money through a wire service and are taking a cut. They think they’ve found some crazy job where they get to send and receive money, they don’t realize that they’re actually part of a bigger organization. They just don’t realize the money that they’re dealing with is coming out of someone’s account, who didn’t authorize it.”
The bait is changing.
Every time there is a new platform, or way people exchange, post, or offer up information, there’s a new potential for fraud. In the past few years, experts have seen a rise in phishing attempts via text message. It even has its own name, “smishing” (playing off the acronym SMS, for short message service).
If you haven’t seen a smishing attempt yet, you will. It will likely look like a legitimate text, perhaps from a brand or business that you recognize. Its goal will be to get you to click through to a website where you’ll be prompted for information, or perhaps you’ll be encouraged to download something, which could introduce malware to your device.
The bait is tasting better all the time too. The emails look more legit. The design of the fake websites is improving. Security breaches at legitimate corporations put your personal information out there. That information can be purchased by crooks who can then target you with a more specific message. This tactic is known as “spearfishing.”
“They’re targeting a specific person. The message is being customized for that person, it will use their first name, address, phone number, and maybe another bit of information someone wouldn’t normally know,” says Chris.
Ultimately, our efforts to protect ourselves will determine the future of phishing. If we stop falling victim, it ends. That means following the advice of the fraud experts like Vivienne and Chris: changing passwords, protecting devices with Anti-virus software, never giving out personal information to a source you don’t trust 100 per cent. When it comes to banking or credit card information, the last word goes to Vivienne.
“If you have any doubts, any doubts at all, call the number on the back of your card.”