Tech Talk #213–Sep 16, 2023

Phishing

Despite what we see on TV and in the movies, computer hacking doesn’t involve crouching over a laptop on the floor of a dark server room. Or sitting at a desk with multiple monitors with lines of code running on the screens. Followed by someone saying, “I’m in.”

Does it happen? Probably, but not very often.

The most common way to go where you aren’t allowed, computer security-wise, is by using social engineering. Social engineering doesn’t rely on technical hacking methods to access buildings, systems, or data. It exploits human psychology instead.

Phishing (pronounced fishing, as at Brite Lake) schemes are today’s most common social engineering attacks. Phishing attacks trick victims into sharing information or installing malware on their computers.

Text messages and emails are the most common way of deploying phishing attacks. In a simple phishing attack, the attacker sends a fake email or text from a shopping or package delivery service, telling you there’s a problem with your order. Or they’ll send you an invoice you weren’t expecting. To fix the “problem,” you’re directed to a website where you enter your credit card details or type your login into an impersonating website. Be careful with invoice attachments, as they can redirect you to a website that can harm your system or force you to pay to restore your data.

A phishing attack can become more advanced if the attacker has information about your employer or favorite shopping sites. This information can be available to attackers after a corporate data breach.

There are different types of phishing attacks. We have Email Phishing, which is self-explanatory. Spear Phishing targets a specific individual or individuals at a particular company or industry. Clone Phishing duplicates an actual email. These are typically order confirmation-type emails with malicious links. Pop-Up Phishing uses your browser notification settings to alert you about fake antivirus detections. Angler Phishing impersonates a public figure, YouTuber, or company for fake sweepstakes or contests on social media. Whaling is an attack aimed at an important person, usually for blackmail. Smishing and Vishing use text messages and phone calls. Most spam messages and robocalls you receive are likely smishing or vishing attempts.

To guard against phishing attacks, check the email address of the sender. If the email appears to be from UPS, but the sender’s email address is a Gmail or Yahoo address, it’s a phishing email, and you should delete it. Also, check the From field for an address that contains numbers, like purchasing_manager45620. Your friends might have numbers in their email addresses, but companies don’t. And look for typos in the body of the email. Never open attachments from someone you don’t know. If you’re in doubt about an email or text, contact the institution using the contact info on the back of the credit card or the number on your statement.
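The sender checks described above can be automated for a mailbox or help desk. The following Python example is an added illustration, not part of the original column; the brand and free-mail lists, the warning labels, and the sample From headers are constructed assumptions, and the domain-mismatch check generalizes the Gmail/Yahoo case in the text.

```python
import re
from email.utils import parseaddr

# Assumed lists for illustration only; extend them for real use.
FREE_MAIL = {"gmail.com", "yahoo.com"}
BRANDS = {"ups": "ups.com"}  # brand keyword -> domain the brand is assumed to send from


def check_sender(from_header):
    """Return a list of warning labels for one From: header value."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    if not local or not domain:
        return ["unparseable-address"]

    warnings = []
    for brand, real_domain in BRANDS.items():
        # Does the display name claim to be this brand?
        if not re.search(rf"\b{re.escape(brand)}\b", display.lower()):
            continue
        if domain in FREE_MAIL:
            # "From UPS" but sent from a Gmail or Yahoo mailbox.
            warnings.append("brand-from-free-mail")
        elif domain != real_domain and not domain.endswith("." + real_domain):
            # Brand name in the display, but some other domain in the address.
            warnings.append("brand-domain-mismatch")

    # Digits in the mailbox name, like purchasing_manager45620.
    if re.search(r"\d", local):
        warnings.append("digits-in-address")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    samples = [
        "UPS Delivery <ups.tracking@gmail.com>",
        '"Acme Purchasing" <purchasing_manager45620@example.com>',
        "UPS Support <help@ups-parcel.example>",
        "UPS <pkginfo@ups.com>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no warnings")
```

An empty result only means these particular checks found nothing; the From header can be forged, so a clean result does not prove the message is genuine.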

Why Chrome?

Why is Google’s browser called Chrome? What does chrome (a mainly automotive thing) have to do with the internet (a mostly networking thing)?

In the late 2000s, back before Google had taken over the world, Google had a web browser project codenamed Chrome. Everything you see on your screen that isn’t the site you’re looking at, the browser toolbar, tabs, scroll bars, etc., is called browser chrome. The Google team wanted to eliminate as much of that browser chrome as possible so the user could concentrate on the page they were looking at.

When Google finished the new browser, there was a naming contest. The story goes that the nominated names were so bad that Google decided to keep the code name Chrome. It’s also a bit of a joke since the Chrome project aimed to minimize web browser chrome.

Do you have a computer or technology question? Greg Cunningham has been providing Tehachapi with on-site PC and network services since 2007. Email Greg at greg@tech-hachapi.com.
