WEBVTT - What is phishing?

0:00:00.320 --> 0:00:02.960
<v Speaker 1>Brought to you by the reinvented two thousand twelve Camry.

0:00:03.240 --> 0:00:08.840
<v Speaker 1>It's ready. Are you? Get in touch with technology with

0:00:08.920 --> 0:00:14.440
<v Speaker 1>TechStuff from HowStuffWorks.com. Hi, everybody,

0:00:14.480 --> 0:00:17.000
<v Speaker 1>welcome to the podcast. My name is Chris Pollette. I'm

0:00:17.040 --> 0:00:19.079
<v Speaker 1>an editor here at How Stuff Works, and sitting next

0:00:19.120 --> 0:00:22.320
<v Speaker 1>to me, as always, is senior writer Jonathan Strickland. Hey there,

0:00:22.960 --> 0:00:25.680
<v Speaker 1>that was just for you, Chris. Thanks welcome. I appreciate

0:00:25.760 --> 0:00:29.120
<v Speaker 1>that you sure. Are you sure that's you and not

0:00:29.240 --> 0:00:32.159
<v Speaker 1>somebody else? I'm pretty sure it's me this time. Uh,

0:00:32.600 --> 0:00:35.400
<v Speaker 1>they look like you, but I can't. Yeah. We wanted

0:00:35.440 --> 0:00:38.400
<v Speaker 1>to talk today about kind of an insidious problem that's

0:00:38.440 --> 0:00:41.560
<v Speaker 1>on the internet, although it didn't officially you know, start

0:00:41.560 --> 0:00:43.600
<v Speaker 1>on the internet. It's actually older than the Internet is.

0:00:43.960 --> 0:00:47.320
<v Speaker 1>But we're talking about phishing scams, and that's fishing with

0:00:47.360 --> 0:00:52.120
<v Speaker 1>a ph. Yeah, that's true. Um, the these these are

0:00:52.240 --> 0:00:56.840
<v Speaker 1>social engineering scams. There. They're little ploys designed to trick

0:00:56.920 --> 0:01:00.320
<v Speaker 1>you into giving away your personal information. Yeah. And the

0:01:00.400 --> 0:01:02.480
<v Speaker 1>bait that they use, which is part of why it's

0:01:02.480 --> 0:01:07.319
<v Speaker 1>called phishing, is uh, it usually plays usually plays upon

0:01:08.000 --> 0:01:13.880
<v Speaker 1>your baser personality traits. Let's say like greed. That's a

0:01:13.920 --> 0:01:16.319
<v Speaker 1>big one. In fact, that's probably the main one, but

0:01:16.400 --> 0:01:19.640
<v Speaker 1>other ones like Vanity also play a part in certain

0:01:19.760 --> 0:01:23.600
<v Speaker 1>uh phishing scams. So let's let's talk about a couple

0:01:23.640 --> 0:01:26.959
<v Speaker 1>I wanted to talk about probably the best known scam,

0:01:27.400 --> 0:01:30.039
<v Speaker 1>especially when it comes to email scams, which is the

0:01:30.160 --> 0:01:34.520
<v Speaker 1>Nigerian email scam or the four one nine scam. Well,

0:01:34.560 --> 0:01:39.080
<v Speaker 1>you know, I was actually contacted by somebody in Nigeria. Yeah,

0:01:39.200 --> 0:01:41.560
<v Speaker 1>and they said if I just gave them some personal information,

0:01:41.600 --> 0:01:46.080
<v Speaker 1>they would uh millions of dollars. Yeah, that's that's the

0:01:46.120 --> 0:01:49.280
<v Speaker 1>basis for this scam. Now, the original scam was not

0:01:49.560 --> 0:01:52.320
<v Speaker 1>a phishing scam originally it was it was just so

0:01:52.360 --> 0:01:55.000
<v Speaker 1>that you would send them money, so you would wire

0:01:55.040 --> 0:01:58.600
<v Speaker 1>this person money directly, um. But they would not have

0:01:58.600 --> 0:02:02.080
<v Speaker 1>access to your personal information, just your money. So hey,

0:02:02.120 --> 0:02:05.880
<v Speaker 1>there's a bright side, right. But they they have kind

0:02:05.920 --> 0:02:09.240
<v Speaker 1>of evolved since then, and often you will find these

0:02:09.280 --> 0:02:13.880
<v Speaker 1>these um emails. Uh. They're called Nigerian scams because a

0:02:13.960 --> 0:02:18.120
<v Speaker 1>lot of them do seem to originate from Nigeria. UM,

0:02:18.200 --> 0:02:20.359
<v Speaker 1>not all of them. They could be from anywhere. It's

0:02:20.400 --> 0:02:23.920
<v Speaker 1>just that's the name they've been given. And the claim

0:02:24.040 --> 0:02:26.840
<v Speaker 1>is that there is an enormous sum of money that

0:02:26.880 --> 0:02:28.959
<v Speaker 1>they're trying to get. This person is trying to get

0:02:28.960 --> 0:02:32.240
<v Speaker 1>out of whatever country they're in, and they want to

0:02:32.320 --> 0:02:35.200
<v Speaker 1>use you as an accomplice to hold onto this money.

0:02:35.240 --> 0:02:37.400
<v Speaker 1>And you get to keep a portion of that money

0:02:37.960 --> 0:02:40.640
<v Speaker 1>as as part of the deal. And as the deal

0:02:40.720 --> 0:02:44.800
<v Speaker 1>goes on, things start to mess up and the person says, oh,

0:02:44.880 --> 0:02:47.359
<v Speaker 1>you know, um, I've got to bribe this this official.

0:02:47.680 --> 0:02:50.160
<v Speaker 1>I'm gonna need a thousand dollars from you so that

0:02:50.200 --> 0:02:52.240
<v Speaker 1>I can bribe this person and then we'll be able

0:02:52.280 --> 0:02:54.840
<v Speaker 1>to get you the millions and millions of dollars. And

0:02:54.919 --> 0:02:57.120
<v Speaker 1>with that promise the millions of dollars, lots of people

0:02:57.600 --> 0:03:01.600
<v Speaker 1>are willing to part with substantial sums of money thinking

0:03:01.600 --> 0:03:05.880
<v Speaker 1>they're gonna get practically something for nothing. And there are

0:03:05.919 --> 0:03:08.480
<v Speaker 1>people who have lost hundreds of thousands of dollars in

0:03:08.520 --> 0:03:13.280
<v Speaker 1>these scams. That's true, Um, and uh, it's it's kind

0:03:13.280 --> 0:03:16.200
<v Speaker 1>of impressive the list of people who have gotten caught

0:03:16.480 --> 0:03:21.959
<v Speaker 1>by these scams, including Harvard professor a few years ensnared

0:03:22.520 --> 0:03:25.320
<v Speaker 1>by one of these these ploys. Um. They actually found

0:03:25.320 --> 0:03:28.600
<v Speaker 1>out he had been embezzling a little bit himself, and

0:03:29.080 --> 0:03:32.400
<v Speaker 1>well he lost it all when he sent it to Nigeria. Right, Yeah, this

0:03:32.960 --> 0:03:36.280
<v Speaker 1>it's it's one of those things that just um it's

0:03:37.360 --> 0:03:41.400
<v Speaker 1>it's just evil, evil scheme that that has taken lots

0:03:41.400 --> 0:03:43.760
<v Speaker 1>of money from people who were a little naive and

0:03:43.960 --> 0:03:48.720
<v Speaker 1>a little greedy and way too trusting, so lesson one.

0:03:49.880 --> 0:03:53.520
<v Speaker 1>Don't trust everything you see on the internet. Um, that's

0:03:53.600 --> 0:03:56.119
<v Speaker 1>that's probably the best thing to keep in mind while

0:03:56.160 --> 0:03:58.320
<v Speaker 1>we're talking about all these phishing schemes. You know, like

0:03:58.360 --> 0:04:00.880
<v Speaker 1>the old thing goes, if it seems too good to

0:04:00.880 --> 0:04:04.280
<v Speaker 1>be true, it probably is. Yeah, definitely, But um I

0:04:04.320 --> 0:04:06.800
<v Speaker 1>always one of the one of the sort of asides

0:04:06.880 --> 0:04:10.480
<v Speaker 1>for this part of the h our discussion is, um

0:04:10.520 --> 0:04:14.080
<v Speaker 1>the people that have started counter scamming the scammers, which

0:04:14.160 --> 0:04:17.880
<v Speaker 1>just tickles me. No end there there. You can do

0:04:17.920 --> 0:04:19.720
<v Speaker 1>a quick search on the internet and you can find

0:04:19.760 --> 0:04:22.919
<v Speaker 1>people who are uh they respond to these scammers and

0:04:22.920 --> 0:04:25.360
<v Speaker 1>they'll say, well, sure, you know, I'm happy to help

0:04:25.400 --> 0:04:27.719
<v Speaker 1>you out, but first I need this from you, and

0:04:27.760 --> 0:04:30.400
<v Speaker 1>they'll make them do these elaborate things. I saw somebody

0:04:30.440 --> 0:04:34.359
<v Speaker 1>who made them carve a commodore sixty four out of

0:04:34.400 --> 0:04:38.000
<v Speaker 1>wood and send it to them, and they showed pictures

0:04:38.040 --> 0:04:41.719
<v Speaker 1>of it and it was amazing, right, So the people

0:04:41.760 --> 0:04:43.640
<v Speaker 1>on the other end of the scam can sometimes be

0:04:43.760 --> 0:04:45.880
<v Speaker 1>just as naive as the people they're trying to to

0:04:46.600 --> 0:04:49.600
<v Speaker 1>lure into the trap and to get back into the

0:04:49.600 --> 0:04:52.359
<v Speaker 1>phishing thing. The Nigerian scam, the way it's evolved is

0:04:52.520 --> 0:04:55.000
<v Speaker 1>is instead of asking for money, they'll ask for things

0:04:55.080 --> 0:04:58.400
<v Speaker 1>like your Social Security number or your bank account number.

0:04:58.680 --> 0:05:01.119
<v Speaker 1>And then once they have that information, that's

0:05:01.160 --> 0:05:03.080
<v Speaker 1>when you're really in trouble because not only will they

0:05:03.160 --> 0:05:05.600
<v Speaker 1>siphon out all the money in your account, but they

0:05:05.680 --> 0:05:10.080
<v Speaker 1>might also make you a a victim of identity theft. Um.

0:05:10.120 --> 0:05:12.800
<v Speaker 1>That's the that's the main goal for probably most of

0:05:12.880 --> 0:05:16.320
<v Speaker 1>the phishing schemes online, I would say is is some

0:05:16.440 --> 0:05:19.640
<v Speaker 1>form of identity theft, usually some sort of credit card

0:05:19.800 --> 0:05:22.839
<v Speaker 1>fraud or um or just outright theft of whatever's in

0:05:22.839 --> 0:05:25.719
<v Speaker 1>your bank account. I use a m I use a

0:05:25.760 --> 0:05:30.160
<v Speaker 1>web mail uh, pretty standard, well known web mail service

0:05:30.200 --> 0:05:32.599
<v Speaker 1>for my main email account. If you look at the

0:05:32.600 --> 0:05:36.000
<v Speaker 1>spam folder, it's pretty obvious that these things are scams

0:05:36.040 --> 0:05:39.000
<v Speaker 1>because I honestly, every time I look at the spam

0:05:39.000 --> 0:05:41.640
<v Speaker 1>folder and then it'll be a full folder. You'll see

0:05:41.800 --> 0:05:45.200
<v Speaker 1>probably about a third of those have similar or the

0:05:45.240 --> 0:05:50.040
<v Speaker 1>same exact uh subject headings. Um, and they'll all be

0:05:50.200 --> 0:05:53.000
<v Speaker 1>you know, please or help me with my problem or

0:05:53.040 --> 0:05:56.159
<v Speaker 1>you know, bless you you have uh, you have the

0:05:56.160 --> 0:05:58.960
<v Speaker 1>way to help my you know, situation out and you're

0:05:58.960 --> 0:06:02.480
<v Speaker 1>looking at it going, okay, obviously there's something going

0:06:02.560 --> 0:06:05.599
<v Speaker 1>on here. And you know, bank accounts, they'll say, you know,

0:06:06.320 --> 0:06:08.640
<v Speaker 1>I'll get letters from banks that I never have had

0:06:08.680 --> 0:06:12.000
<v Speaker 1>an account with saying you must update your account information

0:06:12.520 --> 0:06:15.800
<v Speaker 1>as soon as possible otherwise, you know, or PayPal, you know,

0:06:15.880 --> 0:06:19.280
<v Speaker 1>And I'm going, yeah, no, I know, you're not real

0:06:19.480 --> 0:06:21.760
<v Speaker 1>The thing is they've gotten really sophisticated. They're getting a

0:06:21.800 --> 0:06:25.400
<v Speaker 1>lot better, with fewer spelling mistakes and things, and including

0:06:25.400 --> 0:06:29.919
<v Speaker 1>your name and things that might have clued you in before.

0:06:29.920 --> 0:06:32.159
<v Speaker 1>Are they're yeah, they're fine. They're starting to starting to

0:06:32.200 --> 0:06:34.480
<v Speaker 1>close those holes that that were that were in the

0:06:34.800 --> 0:06:39.480
<v Speaker 1>their approaches before. Um. You mentioned the bank thing. That's

0:06:39.480 --> 0:06:43.240
<v Speaker 1>actually a very good point. Uh. That's another one that

0:06:43.279 --> 0:06:46.440
<v Speaker 1>plays on not so much a negative personality trait, but

0:06:46.480 --> 0:06:49.119
<v Speaker 1>it plays on a person's fear. Yeah, you know, because

0:06:49.160 --> 0:06:51.479
<v Speaker 1>if you get a message that's from your bank account

0:06:51.680 --> 0:06:54.680
<v Speaker 1>or your your bank and it says, uh that there's

0:06:54.720 --> 0:06:57.360
<v Speaker 1>a problem with your account. Obviously you're going to immediately

0:06:57.360 --> 0:07:02.240
<v Speaker 1>want to try and address this problem. And um, the

0:07:02.240 --> 0:07:06.000
<v Speaker 1>there's a kind of a sister technique to phishing called

0:07:06.120 --> 0:07:11.400
<v Speaker 1>pharming, also with a ph, which uh spoofs a website.

0:07:11.840 --> 0:07:14.400
<v Speaker 1>The goal here is to create a website that looks

0:07:14.440 --> 0:07:21.600
<v Speaker 1>identical to a real, um, respectable, legitimate website, so a

0:07:21.680 --> 0:07:25.080
<v Speaker 1>bank will say that's a good example. Um, but the

0:07:25.120 --> 0:07:27.600
<v Speaker 1>goal is not to let you access your account, but

0:07:27.680 --> 0:07:32.480
<v Speaker 1>rather to collect user names and passwords. And uh, it's

0:07:32.520 --> 0:07:34.680
<v Speaker 1>the same sort of end goal as phishing. It's it's

0:07:34.680 --> 0:07:37.360
<v Speaker 1>collecting all this information and then just stealing everything you

0:07:37.360 --> 0:07:42.760
<v Speaker 1>can possibly steal. Um, these are these are kind of

0:07:42.800 --> 0:07:46.360
<v Speaker 1>scary things. I mean, that's really and anyone can fall

0:07:46.440 --> 0:07:49.080
<v Speaker 1>victim to it. Uh. It's very easy to read one

0:07:49.120 --> 0:07:52.960
<v Speaker 1>of these emails and get emotionally involved and act before

0:07:53.040 --> 0:07:56.640
<v Speaker 1>you can really think things through. Yeah, and there's them.

0:07:56.680 --> 0:07:59.040
<v Speaker 1>There's some ways that you can kind of tell that

0:07:59.120 --> 0:08:02.080
<v Speaker 1>these these fights are real or not. You should always

0:08:02.120 --> 0:08:04.320
<v Speaker 1>look when somebody tries to get you to go to

0:08:04.360 --> 0:08:05.840
<v Speaker 1>one of these sites, take a look at the URL.

0:08:06.000 --> 0:08:08.840
<v Speaker 1>Um, and that's that's gonna be one of

0:08:08.880 --> 0:08:11.360
<v Speaker 1>the first clues because a lot of the phishing, uh,

0:08:11.600 --> 0:08:15.080
<v Speaker 1>emails that you'll see, we'll ask you to click on

0:08:15.120 --> 0:08:16.760
<v Speaker 1>this link and if you mouse over it, you know,

0:08:16.840 --> 0:08:20.440
<v Speaker 1>just hold your mouse cursor there and look at the

0:08:20.440 --> 0:08:23.360
<v Speaker 1>the location for the site. A lot of times you'll

0:08:23.400 --> 0:08:26.000
<v Speaker 1>see that it doesn't even have the name of the

0:08:26.040 --> 0:08:29.520
<v Speaker 1>site that you're supposed to go to in it, So, um,

0:08:29.560 --> 0:08:32.079
<v Speaker 1>that's a pretty good clue right there. Or they'll it'll

0:08:32.080 --> 0:08:36.120
<v Speaker 1>be the name hyphen something else and you'll go, Okay,

0:08:36.160 --> 0:08:38.640
<v Speaker 1>this seems a little odd. You want to see if

0:08:38.640 --> 0:08:41.120
<v Speaker 1>the website has security that usually you can tell that

0:08:41.200 --> 0:08:44.040
<v Speaker 1>by either looking for the little lock icon or the

0:08:44.200 --> 0:08:46.640
<v Speaker 1>HTTPS in the URL.

0:08:47.600 --> 0:08:50.920
<v Speaker 1>Keep in mind that both of those can be faked. Um.

0:08:51.000 --> 0:08:54.000
<v Speaker 1>You can even create a fake website that has a

0:08:54.080 --> 0:08:57.200
<v Speaker 1>fake URL that looks just like the real one. Um.

0:08:57.240 --> 0:09:02.200
<v Speaker 1>There's a nasty, nasty attack called, uh, domain name

0:09:02.400 --> 0:09:07.040
<v Speaker 1>server poisoning where you can um spoof the whole thing,

0:09:07.120 --> 0:09:09.920
<v Speaker 1>and that that's probably the scariest of all of them,

0:09:09.920 --> 0:09:12.920
<v Speaker 1>because in most of these cases, a good point of

0:09:12.960 --> 0:09:15.839
<v Speaker 1>advice is instead of clicking on a link to take

0:09:15.920 --> 0:09:18.800
<v Speaker 1>you to whichever site you need to go to, like

0:09:18.920 --> 0:09:22.680
<v Speaker 1>let's say Amazon or PayPal. UM, you type the address

0:09:22.760 --> 0:09:25.240
<v Speaker 1>in instead and that way you don't have to worry

0:09:25.240 --> 0:09:29.600
<v Speaker 1>about a link redirecting you to another site. However, with

0:09:29.720 --> 0:09:34.079
<v Speaker 1>the DNS poisoning, it is possible to fool computers

0:09:34.080 --> 0:09:36.000
<v Speaker 1>so that even if you were to type the address

0:09:36.040 --> 0:09:38.320
<v Speaker 1>and you will go to the pharming site instead of

0:09:38.360 --> 0:09:42.560
<v Speaker 1>the real site. UM. Not very widespread, but it is possible.

0:09:42.640 --> 0:09:46.400
<v Speaker 1>This is one of those major major uh uh security

0:09:46.480 --> 0:09:49.719
<v Speaker 1>leaks that came out over the to the year two

0:09:49.720 --> 0:09:54.040
<v Speaker 1>thousand eight UM. Unfortunately, right now it hasn't become a

0:09:54.080 --> 0:09:59.480
<v Speaker 1>major problem. It's just the potential for disaster. So um. Yeah,

0:09:59.720 --> 0:10:03.240
<v Speaker 1>the phishing and pharming, these are these are things that

0:10:03.320 --> 0:10:05.360
<v Speaker 1>you definitely need to look out for. And there's some

0:10:05.520 --> 0:10:09.200
<v Speaker 1>other general rules. If you ever get a message from

0:10:09.240 --> 0:10:12.840
<v Speaker 1>your browser saying that the certificate it's asking for does

0:10:12.880 --> 0:10:15.760
<v Speaker 1>not match the URL, that is a huge

0:10:15.880 --> 0:10:20.439
<v Speaker 1>warning that you should never agree to accept a certificate.

0:10:20.480 --> 0:10:23.400
<v Speaker 1>If it's gives you that message, that's pretty good indication

0:10:23.440 --> 0:10:27.439
<v Speaker 1>that you are you're in a pharmed site, that's true,

0:10:27.440 --> 0:10:30.559
<v Speaker 1>and you can It will usually tell you specifically what

0:10:30.600 --> 0:10:32.160
<v Speaker 1>that URL is. And if you look at

0:10:32.200 --> 0:10:34.400
<v Speaker 1>that and that pop up window that you'll get, you're

0:10:34.400 --> 0:10:37.800
<v Speaker 1>gonna see that the URL doesn't necessarily match.

0:10:37.880 --> 0:10:41.480
<v Speaker 1>And in some cases it will make sense to you, um,

0:10:41.559 --> 0:10:44.079
<v Speaker 1>you know, there are some legitimate cases where it might

0:10:44.160 --> 0:10:47.560
<v Speaker 1>be a little different. Um, but you should be able

0:10:47.559 --> 0:10:49.520
<v Speaker 1>to look at that and puzzle it out for yourself

0:10:49.559 --> 0:10:52.240
<v Speaker 1>and go that you know, does not make sense to

0:10:52.320 --> 0:10:54.520
<v Speaker 1>me that this would go to this URL.

0:10:54.559 --> 0:10:56.520
<v Speaker 1>I don't think this is safe. And there are some

0:10:56.559 --> 0:11:00.360
<v Speaker 1>browser uh you know, the newer browsers have some phishing

0:11:00.360 --> 0:11:03.920
<v Speaker 1>anti-phishing technology built into them. Yes, yeah, that's true.

0:11:04.200 --> 0:11:06.199
<v Speaker 1>And we should also go ahead and move on to

0:11:06.400 --> 0:11:08.480
<v Speaker 1>we were going to talk about some social networking sites

0:11:08.559 --> 0:11:13.120
<v Speaker 1>recently that have had some issues with uh, with phishing attacks. Now,

0:11:13.160 --> 0:11:15.839
<v Speaker 1>these are a little different, uh, and it's a it's

0:11:15.840 --> 0:11:18.840
<v Speaker 1>a step further away from any money. You know, you're

0:11:18.840 --> 0:11:21.800
<v Speaker 1>not you're not logging, you're not giving someone the information

0:11:21.880 --> 0:11:26.040
<v Speaker 1>to your bank. However, if someone phishes your information from

0:11:26.040 --> 0:11:28.080
<v Speaker 1>a social networking site, they may end up getting a

0:11:28.120 --> 0:11:31.559
<v Speaker 1>password that works for other websites. If you're the kind

0:11:31.559 --> 0:11:34.679
<v Speaker 1>of person who creates the one password and uses that

0:11:34.720 --> 0:11:37.880
<v Speaker 1>for everything. If you get tricked once, that means your

0:11:37.920 --> 0:11:42.920
<v Speaker 1>information is is vulnerable everywhere you go. UM. So that's

0:11:42.960 --> 0:11:44.760
<v Speaker 1>one of the good reasons to make sure you use

0:11:44.800 --> 0:11:47.880
<v Speaker 1>different passwords for different websites, which is a pain. I

0:11:47.920 --> 0:11:49.680
<v Speaker 1>know it's a pain, especially if you have a lot

0:11:49.679 --> 0:11:52.480
<v Speaker 1>of websites you go to. That's really important to do

0:11:52.920 --> 0:11:56.199
<v Speaker 1>if you want to remain safe online. That's true. And

0:11:56.240 --> 0:12:00.920
<v Speaker 1>there are some pretty sophisticated UM password storage sites that

0:12:00.960 --> 0:12:04.560
<v Speaker 1>are available now UM and UH. Some of them will

0:12:04.559 --> 0:12:07.600
<v Speaker 1>help you manage your your logins. They'll plug in, they'll

0:12:07.600 --> 0:12:10.560
<v Speaker 1>offer a plug in for things like Firefox browsers like Firefox,

0:12:10.600 --> 0:12:12.360
<v Speaker 1>you can plug it in and it will when you

0:12:12.360 --> 0:12:13.880
<v Speaker 1>go to a site. It will allow you to store

0:12:14.480 --> 0:12:17.040
<v Speaker 1>UM passwords. And some of them will even allow you

0:12:17.080 --> 0:12:20.880
<v Speaker 1>to generate uh new passwords, so it'll be you know,

0:12:21.040 --> 0:12:24.200
<v Speaker 1>you you can generate something with lots of different upper

0:12:24.240 --> 0:12:27.720
<v Speaker 1>and lower case characters and numeric things and and basically

0:12:27.760 --> 0:12:31.840
<v Speaker 1>help you to come up with something really tricky UM

0:12:31.920 --> 0:12:34.160
<v Speaker 1>and you won't necessarily have to remember it because the

0:12:34.640 --> 0:12:37.720
<v Speaker 1>plug-in has it stored for you. Right and UH.

0:12:37.920 --> 0:12:42.280
<v Speaker 1>Going back to social the social media stuff, UM, Facebook

0:12:42.320 --> 0:12:46.559
<v Speaker 1>and Twitter both have had some problems with phishing attacks recently,

0:12:46.600 --> 0:12:48.280
<v Speaker 1>and recently I mean the end of two thousand and

0:12:48.320 --> 0:12:52.679
<v Speaker 1>eight and beginning of two thousand nine. Um. Facebook, Actually

0:12:52.679 --> 0:12:55.080
<v Speaker 1>one of my friends on Facebook was victim to this. Uh.

0:12:55.160 --> 0:12:58.160
<v Speaker 1>He he was suddenly sending out all these messages to

0:12:58.240 --> 0:13:01.240
<v Speaker 1>people saying, Hey, you know, you look really funny in

0:13:01.240 --> 0:13:03.800
<v Speaker 1>this video. I can't believe you did this, blah blah blah.

0:13:03.920 --> 0:13:06.840
<v Speaker 1>And then there's a link, and the link takes you

0:13:06.920 --> 0:13:09.000
<v Speaker 1>to a site that looks like a video site, and

0:13:09.040 --> 0:13:10.679
<v Speaker 1>it tells you, Hey, you know what, you need this

0:13:10.679 --> 0:13:12.720
<v Speaker 1>plug in in order to play the video. Click here.

0:13:13.200 --> 0:13:15.080
<v Speaker 1>And if you were to click there, you would immediately

0:13:15.080 --> 0:13:19.800
<v Speaker 1>download some malware onto your computer. And so uh, in

0:13:19.840 --> 0:13:22.480
<v Speaker 1>this case, it's not necessarily to steal your information, but

0:13:23.160 --> 0:13:27.839
<v Speaker 1>it was a malware delivery system which could theoretically also

0:13:27.920 --> 0:13:30.120
<v Speaker 1>helps steal your information. It could be a key logger,

0:13:30.160 --> 0:13:32.840
<v Speaker 1>it could be a trojan, ums, all sorts of things,

0:13:33.040 --> 0:13:35.840
<v Speaker 1>nasty things that could happen to you by following these links.

0:13:36.160 --> 0:13:39.439
<v Speaker 1>So we did let him know that his account was compromised,

0:13:39.480 --> 0:13:41.880
<v Speaker 1>and um he ran some software and he changed his

0:13:41.920 --> 0:13:45.000
<v Speaker 1>passwords and things seem to be okay with his

0:13:45.120 --> 0:13:47.280
<v Speaker 1>account now, but I've seen that happen two or three

0:13:47.320 --> 0:13:50.959
<v Speaker 1>other times with other people. And the pernicious thing is

0:13:51.840 --> 0:13:54.559
<v Speaker 1>on Facebook if you haven't used Facebook before, if you're

0:13:54.600 --> 0:13:58.760
<v Speaker 1>posting something to somebody else's what they call the wall, right, Um,

0:13:58.880 --> 0:14:01.120
<v Speaker 1>you have to be a friend of that person is

0:14:01.160 --> 0:14:03.920
<v Speaker 1>in order to do that. So there's already that that

0:14:04.160 --> 0:14:07.040
<v Speaker 1>aura of trust going on. You say, well, this must

0:14:07.080 --> 0:14:11.040
<v Speaker 1>be legitimate, you know, And and even though there may

0:14:11.040 --> 0:14:13.959
<v Speaker 1>be spelling errors or the grammar they use may not

0:14:14.080 --> 0:14:16.280
<v Speaker 1>be the same way that this person would normally write

0:14:16.280 --> 0:14:19.760
<v Speaker 1>to you, you might say, well, you know, obviously it's

0:14:19.800 --> 0:14:22.960
<v Speaker 1>not somebody else because they're writing on my wall, so

0:14:23.000 --> 0:14:26.240
<v Speaker 1>it must be legitimate. Well, that's the thing is those

0:14:26.280 --> 0:14:30.240
<v Speaker 1>people are falling prey to the phishing attack, and then

0:14:30.760 --> 0:14:34.080
<v Speaker 1>other people fall prey to it, and that's social engineering,

0:14:35.240 --> 0:14:38.280
<v Speaker 1>right Yeah. Twitter was very much the same way. Um,

0:14:38.320 --> 0:14:41.440
<v Speaker 1>a few Twitter accounts were compromised and in a way

0:14:41.480 --> 0:14:44.120
<v Speaker 1>that as of the recording of this podcast, we're just

0:14:44.200 --> 0:14:49.920
<v Speaker 1>not sure exactly how the the initial uh takeover happened.

0:14:50.120 --> 0:14:53.680
<v Speaker 1>But after that, direct messages started going between Twitter users

0:14:53.680 --> 0:14:55.840
<v Speaker 1>and and and just like in Facebook, to send a

0:14:55.840 --> 0:14:58.640
<v Speaker 1>direct message, and Twitter you have to follow the person

0:14:58.680 --> 0:15:00.440
<v Speaker 1>you're sending the message to and they have to follow

0:15:00.480 --> 0:15:03.080
<v Speaker 1>you back. It can't just be a one way street.

0:15:03.160 --> 0:15:05.560
<v Speaker 1>It has to be you know, mutual following. Then you

0:15:05.560 --> 0:15:07.800
<v Speaker 1>can send a direct message, which is a private message.

0:15:07.840 --> 0:15:13.560
<v Speaker 1>It doesn't go on the public Twitter broadcast. And these

0:15:13.600 --> 0:15:15.840
<v Speaker 1>private messages said things like, oh, you won't believe what

0:15:15.880 --> 0:15:18.760
<v Speaker 1>this person said about you in this blog, and you know,

0:15:18.920 --> 0:15:22.040
<v Speaker 1>being the kind of vain people we are, we Twitter users,

0:15:22.560 --> 0:15:27.040
<v Speaker 1>I include myself in that. Yeah, but in particular people

0:15:27.040 --> 0:15:30.280
<v Speaker 1>who use Facebook and Twitter. There there's a few studies

0:15:30.280 --> 0:15:32.840
<v Speaker 1>that suggests that such users have a little bit of

0:15:32.920 --> 0:15:38.960
<v Speaker 1>a narcissistic tendency. Um well, you feel inclined to click

0:15:39.000 --> 0:15:42.000
<v Speaker 1>on this, and of course that ends up delivering malware

0:15:42.040 --> 0:15:46.240
<v Speaker 1>to your computer. So um yeah, these are We're probably

0:15:46.240 --> 0:15:48.240
<v Speaker 1>gonna see a lot more of these, especially as people,

0:15:48.560 --> 0:15:51.600
<v Speaker 1>you know, think people who think it's funny. Like the

0:15:51.640 --> 0:15:53.760
<v Speaker 1>Twitter stuff. A lot of the things I saw were

0:15:53.800 --> 0:15:56.120
<v Speaker 1>just people messing with other people's Twitter accounts so that

0:15:56.160 --> 0:16:00.800
<v Speaker 1>they were making them say ridiculous and you know, scandalous

0:16:00.840 --> 0:16:04.840
<v Speaker 1>things and completely untrue things. But they weren't using it

0:16:04.880 --> 0:16:08.360
<v Speaker 1>to necessarily steal information. They were just making a nuisance

0:16:08.400 --> 0:16:11.960
<v Speaker 1>of themselves. We'll probably see more of that too. Yeah.

0:16:12.000 --> 0:16:14.440
<v Speaker 1>As a matter of fact, Um, there were several high

0:16:14.440 --> 0:16:16.720
<v Speaker 1>profile accounts that were hacked right on the heels of

0:16:16.760 --> 0:16:22.240
<v Speaker 1>that phishing scheme, like President elect Barack Obama and Britney

0:16:22.280 --> 0:16:27.320
<v Speaker 1>Spears, Fox News, Rick Sancho, uh, Rick Sanchez from CNN,

0:16:27.640 --> 0:16:31.680
<v Speaker 1>I believe Rick Sanchez claimed according to his Twitter account

0:16:31.720 --> 0:16:35.320
<v Speaker 1>that he had taken some crack early in the morning

0:16:35.400 --> 0:16:39.000
<v Speaker 1>and was kind of flying high at the time. Yeah, yeah,

0:16:39.080 --> 0:16:41.920
<v Speaker 1>that was not that was yeah, that was a bad one. Yeah,

0:16:42.200 --> 0:16:46.200
<v Speaker 1>and patently, you know, completely untrue. Yeah, it was not

0:16:46.360 --> 0:16:49.600
<v Speaker 1>Rick Sanchez, it was whomever had taken over his account.

0:16:49.800 --> 0:16:54.120
<v Speaker 1>But apparently in that case, Twitter founder Biz Stone said

0:16:54.120 --> 0:16:56.880
<v Speaker 1>that there were some tools, administrative tools that had gotten

0:16:57.520 --> 0:17:01.640
<v Speaker 1>hacked into right that would allow someone to access passwords,

0:17:01.680 --> 0:17:04.040
<v Speaker 1>and there were thirty three accounts they haven't divulged at

0:17:04.040 --> 0:17:06.720
<v Speaker 1>this time at the time of us recording this who

0:17:06.760 --> 0:17:09.520
<v Speaker 1>all was hacked. But they were all famous people with

0:17:09.640 --> 0:17:13.359
<v Speaker 1>lots of lots of I mean, they were the obvious targets.

0:17:14.000 --> 0:17:16.920
<v Speaker 1>And um, yeah, this is uh, And so don't think

0:17:16.960 --> 0:17:20.679
<v Speaker 1>that President elect Obama saw Hey, see what this crazy

0:17:20.680 --> 0:17:22.439
<v Speaker 1>person said in the blog about you and then clicked

0:17:22.440 --> 0:17:24.520
<v Speaker 1>on it. That's not the case. In this case, he

0:17:24.640 --> 0:17:27.800
<v Speaker 1>was he was targeted specifically by the hackers. This wasn't

0:17:27.880 --> 0:17:30.280
<v Speaker 1>one of those things where Obama is just like I

0:17:30.280 --> 0:17:33.440
<v Speaker 1>wonder what this blogger did say about me. Um. So,

0:17:33.840 --> 0:17:36.640
<v Speaker 1>just to clear that up, I wanted to talk very

0:17:36.680 --> 0:17:38.720
<v Speaker 1>briefly about what you should do if you are the

0:17:38.800 --> 0:17:42.840
<v Speaker 1>victim of a phishing attack. Okay, so, there are a

0:17:42.880 --> 0:17:45.560
<v Speaker 1>few different websites you can report a phishing attack to.

0:17:45.960 --> 0:17:49.800
<v Speaker 1>One of them is the anti phishing dot org website,

0:17:49.880 --> 0:17:53.240
<v Speaker 1>and you can send an email to report phishing at

0:17:53.359 --> 0:17:56.280
<v Speaker 1>anti phishing dot org. Um. You can also send an

0:17:56.320 --> 0:17:59.159
<v Speaker 1>email to the Federal Trade Commission, which is UH that

0:17:59.320 --> 0:18:02.359
<v Speaker 1>the email address to send that to would be spam

0:18:02.480 --> 0:18:06.320
<v Speaker 1>at u CE dot gov. And you would probably want

0:18:06.320 --> 0:18:09.160
<v Speaker 1>to file a complaint with the FBI UH at their

0:18:09.200 --> 0:18:12.600
<v Speaker 1>Internet Crime Complaint Center which is at www dot I

0:18:12.800 --> 0:18:16.600
<v Speaker 1>C three dot gov. And it's important to let these

0:18:16.760 --> 0:18:19.560
<v Speaker 1>these organizations know so that they can let everyone else

0:18:19.600 --> 0:18:25.000
<v Speaker 1>know and investigate. Meanwhile, you should also immediately contact the

0:18:25.160 --> 0:18:31.440
<v Speaker 1>three big credit bureaus, so Experian, Equifax and TransUnion, and

0:18:31.920 --> 0:18:33.760
<v Speaker 1>get ahold of your credit report, take a look at it,

0:18:33.760 --> 0:18:37.000
<v Speaker 1>see if there's anything strange on there, report the fraud

0:18:37.400 --> 0:18:40.520
<v Speaker 1>to them. UM, if you have evidence of fraud, you

0:18:40.520 --> 0:18:42.760
<v Speaker 1>should use that so that you can get the fraud

0:18:43.280 --> 0:18:46.800
<v Speaker 1>alert extended over the maximum amount of time, because standard

0:18:46.840 --> 0:18:50.159
<v Speaker 1>time for a fraud alert is ninety days, and the

0:18:50.200 --> 0:18:52.600
<v Speaker 1>problem with that is someone could still be using your

0:18:52.600 --> 0:18:54.920
<v Speaker 1>information after those ninety days and you'd really be stuck.

0:18:54.960 --> 0:18:57.760
<v Speaker 1>So if you have proof of fraud, you can get

0:18:57.760 --> 0:19:02.119
<v Speaker 1>that extended up to I think seven years, UM, which

0:19:02.240 --> 0:19:04.040
<v Speaker 1>you know it sounds kind of crazy, but you know

0:19:04.240 --> 0:19:07.960
<v Speaker 1>we're talking about your information that can affect your credit rating,

0:19:07.960 --> 0:19:09.560
<v Speaker 1>whether or not you can buy a house, whether or

0:19:09.600 --> 0:19:12.680
<v Speaker 1>not you get a job. I mean, this is important stuff. UM.

0:19:12.760 --> 0:19:15.960
<v Speaker 1>And also report the crime to local law enforcement. Uh,

0:19:16.000 --> 0:19:18.480
<v Speaker 1>if it happened, you know, if it happened while you

0:19:18.480 --> 0:19:20.240
<v Speaker 1>were at home, of course, that's you know, you report

0:19:20.320 --> 0:19:22.320
<v Speaker 1>to that local law enforcement. If you're on vacation, whatever,

0:19:22.359 --> 0:19:24.520
<v Speaker 1>you report to them, um, just to let them know

0:19:24.560 --> 0:19:27.000
<v Speaker 1>what had happened. That kind of covers all the bases.

0:19:27.000 --> 0:19:29.440
<v Speaker 1>You may have to sign some affidavits to make

0:19:29.440 --> 0:19:31.399
<v Speaker 1>sure that you know you're what you're saying. You're you

0:19:31.440 --> 0:19:33.719
<v Speaker 1>will stand up in court and defend and say this

0:19:33.800 --> 0:19:36.920
<v Speaker 1>is exactly what happened. But that's a small price to

0:19:36.960 --> 0:19:41.639
<v Speaker 1>pay considering. Yeah, I think so. And uh, you know,

0:19:41.720 --> 0:19:44.320
<v Speaker 1>this is as Jonathan said, this is not something that

0:19:45.080 --> 0:19:47.960
<v Speaker 1>you want to take lightly. Just use your common sense. UM,

0:19:48.320 --> 0:19:52.240
<v Speaker 1>avoid clicking on links that that don't appear to be correct. UM,

0:19:52.520 --> 0:19:56.640
<v Speaker 1>go directly to the source if you can to define it. UM.

0:19:56.880 --> 0:19:59.960
<v Speaker 1>Use the latest web browsers to uh that incorporate the

0:20:00.000 --> 0:20:04.159
<v Speaker 1>anti-phishing technology. UM. All these things will help you

0:20:04.680 --> 0:20:08.480
<v Speaker 1>help you avoid being sucked in. And uh, it's amazing

0:20:08.520 --> 0:20:11.760
<v Speaker 1>to me how many of these deep sea analogies we have.

0:20:11.840 --> 0:20:16.200
<v Speaker 1>Now we've talked about trolling and phishing. So yeah, it's

0:20:16.200 --> 0:20:19.560
<v Speaker 1>so don't be a prawn. You know what else? Nice?

0:20:20.240 --> 0:20:25.720
<v Speaker 1>Nice piracy? Right, So we've got a whole seafaring thing. Guy. Yeah,

0:20:25.800 --> 0:20:28.520
<v Speaker 1>well I think that about wraps it up for this discussion,

0:20:28.560 --> 0:20:31.360
<v Speaker 1>don't you. Yeah. Excellent. If you want to learn more

0:20:31.400 --> 0:20:33.360
<v Speaker 1>about some of the things we've talked about, we've got

0:20:33.920 --> 0:20:37.120
<v Speaker 1>articles on online crime, we have articles on uh safe

0:20:37.200 --> 0:20:41.840
<v Speaker 1>web browsing. You can, phishing, fishing, both the P H and

0:20:42.000 --> 0:20:44.800
<v Speaker 1>F, I believe. You can find out all about that

0:20:44.920 --> 0:20:47.640
<v Speaker 1>at how stuff works dot com right now, and we'll

0:20:47.680 --> 0:20:51.320
<v Speaker 1>talk to you again really soon. For more on this

0:20:51.480 --> 0:20:54.000
<v Speaker 1>and thousands of other topics, visit how stuff works

0:20:54.000 --> 0:20:57.200
<v Speaker 1>dot com. Let us know what you think. Send an

0:20:57.200 --> 0:21:04.160
<v Speaker 1>email to podcast at how stuff works dot com. Brought

0:21:04.200 --> 0:21:07.399
<v Speaker 1>to you by the reinvented two thousand twelve Camry. It's ready,

0:21:07.560 --> 0:21:07.960
<v Speaker 1>are you