It happens so easily. You are browsing away on Twitter, and a person you follow posts something interesting. “Ha ha” it says, what an epic photo of you,” followed by a shortened URL. Curiosity and impetuousness take the better of you and you find yourself snared on a phishing hook. Too late! All of the addresses in your own contact list have now been captured, and all of the people who follow you are now receiving the same badly worded, intentionally vague snare.
Phishing scams happen all the time. Emails purportedly from the Canada Revenue Agency, the IRS or PayPal, all asking for you to click on a link to download a file. Fear, shock and surprise are all reflexes and as such they prompt people to act without thinking. When trust is factored into the mix, as in an apparently trustworthy source, all defences are grounded, and that’s where the trouble begins.
Phishing is the modern variant on distraction theft; the pickpocket or cutpurse of old who distracts victims while stealing their money. In this modern version the distraction can lead to far worse consequences than the loss of pocket money or credit cards. Data from your computer can be stolen, certainly, but your computer itself runs the risk of being infected and converted into a zombie, a bot that is then called upon remotely to assist in much larger crimes, such as Distributed Denial of Service attacks.
An up-to-date internet security application from suppliers such as Kaspersky, Norton or McAfee are essential, of course, but consider also taking one extra step. If a link appears in an email from the IRS, especially one that does not mention you by name, or which addresses you as “Dear tax payer,” and you are curious as to its validity, carelfully hover the mouse over the URL without clicking, and it wil reveal the real address of the perpetrator. If you have misgivings but wantto ensure that a notice from PayPal is really legitimate, delete the email and log into PayPal directly. Any account information or alerts that you need to know about will be there. Go through the front door as a legitimate customer, rather than through a back door provided by an unknown.
And finally, when you’re curious about a link, especially given that Twitter links are intentionally shortened anyway, get hold of a link unshortener, which are available as add-ons to all major browsers (search for “link unshortener” plus the name of your preferred browser to locate one). It only takes a second or two to right-mouse click/tap on a link to make sure it goes somewhere safe, but that second invested pays off in terms of many hours or weeks of damage control avoided later.