#Blog 7

What you need to know about phishing

Have you ever woken up to dozens of notifications from different friends tagging you on the exact same post that you know nothing about? An example of his would be scandals of famous celebrities and politicians, as well as other "newsworthy" topics. It often provides a tasty snippet (____nahuli sa alto!") And provides a link in the description. If you're tagged by countless friends in the post,your initial reaction would be to click the link, right?

Well, you shouldn't do that. If you do, you will be redirected to another site that is asking for your Facebook password and email address. It has the same user interface as Facebook and oftentimes people mistake it for being one and the same. After inputting your credentials, you are then redirected to a page that shows a convenient error message. Content not found. Then later on you will be messaged by countless friends telling you to remove them from your posts because you are spamming their newsfeed, even though you didn't post anything.

What just happened? You were just victimized by a phishing site. In plain speak, you were hacked.

Phishing is " the activity of defrauding an online account holder of financial information by posing as a legitimate company." Of course, sometimes the phishing sites are not just after your financial records, but access to you contacts as well.

Basically, phishing sites steal your credentials by asking for your log in information, which you oftern willingly provide if you see that the website is exactly the same as Facebook. The only difference is the URL (web address) in the browser, which will be different form www.facebook.com. once you enter your credentials, your information will be added to the hacker's records, now meaning that different things can happen- adding your credentials to the phishing site can cause your account to post on your behalf without your permission, thus tagging your friends in the scam,or the hacker can try your email address and password on there websites, particularly those that are financially inclined such as Paypal. The second prospect is obviously scarier, especially if you use the same email and password for all your accounts, but then again the hackers could be doing worse things with your information.

What worse than having your credentials stolen?

Sometimes these links lead to download of ".exe" files, which, when, clicked, install malicious software onto your computer. Depending on the kind of malware you unknowingly download, it can monitor everything you're doing and send this information to a third party,or your computer could be accessed remotely by anyone who knows how to do so. Your credit card numbers, SSS number and other important information will be up for grabs to anyone who knows what they're looking for. After all, they're ready accessing your computer, which you could be using for transacting online or handling your finances.

To top it off, phishing attacks can also be conducted via email or via a phone call. You might receive an official- looking email with the company's logo that is asking you to update your information. Once you click the link in the email, you're directed to malicious sites.

Phone calls are trickier, though. There are a couple of numbers that are calling postpaid account holders and are pretending to be members of a reputable company. They will then try to offer you products or get you to update your information via the phone.

Here's an example

Caller: "Hello, is this Mr. Mike Sullivan?"

Me: "Yes, Who's this, please?"

Caller:" This is Matthew from your bank We have a new product that we think you may be interested in. May I have your date of birth?"

Me: "What for"

Caller: " For verification purpose."

Me: " No, thank you."

The idea behind phishing phone calls is that these u scrupulous individuals will cold numbers and try to find someone who is willing to listen to them. There was even a case when a lady gave the caller her credit card information and later found out that she'd being billed a substantial amount every month because she apparently authorized the caller to charge her. This authorization doesn't need actual paperwork, because the caller has all her pertinent credit card information - including the security number at the back of the card.

The rule of the thumb, therefore, is very simple: if you are being asked to log in to social media ( such as Facebook) because you want to see additional content- despite already being logged in - check the URL of the browser. If it is different from the website you're currently on, it's probably a phishing site. Next, double check each link. When you receive emails with links, hover your mouse over the link ( do not click) and see if what appears is the highlighted URL. If the URLs do not match, do not click it.

Finally never ever give your personal information to anyone or anything. If you receive an email asking you to update your account information, go directly to the website and log in. If there is a massive updte that is going on, the website should notify you about it once you are there.

Thanks to technology, stealing personal information, nowadays, has graver consequences. You should safeguard your personal information to ensure you won't be scammed or hacked!