Josh Bourne ⬥ 31 December
I hope everyone had a wonderful holiday! After time spent worrying about things such as finalizing plans and buying Christmas presents, it’s always good to finally get the chance to slow down and enjoy time with family. It was my baby girl’s first Christmas, so it was definitely a special one.
It doesn’t take long for things to pick up speed after the lull of Christmas Eve and Christmas Day. Many people probably spent the weekend after Christmas returning gifts or taking advantage of some post-holiday sales. Plenty more probably went online in search of deals, hopefully dodging spammers and phishers looking to get a cut of holiday spending.
I have noticed a concerning trend with the spam and phishing emails that make their way into my inbox. Almost every time I have received a scam bank email from spammers/phishers, they have been posing as a local bank that I could feasibly use or the bank at which I am a customer. In other words, I have never received a phishing email from a bank in another country.
This makes me wonder about two things. First, do Internet users in other countries experience the same patterns or do they also receive emails about banks in the U.S.? Second, I have to wonder how much phishers actually know about the people on their email lists. Some of the information contained in the emails is alarmingly specific – if the phisher actually knows where I bank, or at least enough about my habits or location to make a very accurate guess, then what else could they know about me?
At the heart of many phishing schemes is the pursuit of information: personal and financial details that phishers can exploit. A great deal of scam protection involves safeguarding this valuable information. One reason that phishers and other spammers know so much about the people on their lists is because some of their data comes by way of hackers who break into the systems of legitimate organizations and harvest the information that each of us knowingly provided to that organization.
So if phishers already know enough about us to engage in fairly sophisticated targeting and actually reach us, shouldn’t we be more concerned about how easily these phishers can maneuver their way into getting our information?