Several years ago, when I led development of DevPartner SecurityChecker at Compuware, I used terms like DOS (denial of service), phishing, and XSS (cross-site scripting) every day, but I didn’t expect people outside of my work environment to understand what I was talking about. A lot has changed in the past few years: Facebook and Twitter are mainstream, and now you’ve heard of “phishing”.
What is it exactly? Well, the short story is that it’s a bait & switch, followed by an effort to get private information from someone to use for criminal activity. So when you click on a link that you think is taking you to one webpage, only it actually brings you someplace else, that’s the bait & switch. And when you’re prompted to give your username and password on that page, or data that has been stored in your browser is acquired, then you’ve been phished.
A few years ago there were a few financial institutions that had this issue. A newsletter had gone out that looked legit to members, and it asked them to log into their accounts for some safety check. Most folks clicked the link and were directed to a page that truly looked like it belonged to the bank. They entered their username and password into input fields and received a “Thank You” message. (Simple. We do what we’re told. Uh huh.) What they had just done was give their username and password to a hacker, who then used those credentials to access their bank accounts. Scary stuff, right?
Just today a friend of mine, a lady I really trust and respect, suffered from a phishing scheme. She clicked a link in a Twitter post, thinking it was taking her somewhere to see a photo, so when prompted to log in she did. Big mistake. She’d just given her Twitter credentials to a hacker. That hacker sold them to someone who wanted to promote a sex site. All of my friend’s Twitter followers were then getting spammed with Tweets and links to a sex site. Even more scary, right? I mean, Twitter has a thumbnail of your face and little quotation marks that make it look like YOU said whatever is in that status update. I’m sure she was mortified.
You know what, though? She gets big huge props for handling it so well. Immediately after the first spam went out she followed up with an apology explaining the sitch and promised to resolve it as quickly as possible. You cannot ask for, or expect, more than that. I only wish it hadn’t happened to her. And the thing is, these things are mostly preventable. We just have to understand how the internet works and be as vigilant as possible.
Whenever you roll your mouse over a link, look at what the link address really is before you click. Most browsers show the link address at the bottom of the window frame, like this:
(Screenshot: what shows when I roll over the "Who We Are" link)
You can also right-click and select “Properties” to see the actual address. This is a habit to get into whenever you’re not sure of the source. Now, that doesn’t mean you should never click a “tinyurl” or “bit.ly” link, but it does mean you should trust the source before you click. And maybe even more importantly, whether you trust the source or not, never (spelled: never ever) put your username and password into an unvalidated site. Use your own bookmarks or search for the site yourself. Don’t make it easy on them.
(Screenshot: right-click, show Properties)
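The hover check above, written out as code. This is an added illustration that is not part of the original post: a small JavaScript function that flags links whose visible text names one site while the real address (the href) resolves to a different host. All sample links, host names and the `example`/`invalid` domains are constructed for the example.

```javascript
// Added example, not from the original post: the check a mouse-over makes
// visible, as code. A link is suspicious when the text the reader sees names
// one site but the real address (the href) resolves to a different host.
// Runs in Node or a browser; all sample links below are constructed.

// Something that looks like a host name inside the visible link text.
const DOMAIN_RE = /(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[\/?#\s]|$)/i;

// Host the visible text claims, or null when the text is just words.
function hostFromText(text) {
  const m = DOMAIN_RE.exec(text.trim());
  return m ? m[1].toLowerCase() : null;
}

// Host the href really goes to; base resolves relative links like "/about".
function hostFromHref(href, base = "https://example.invalid/") {
  try {
    return new URL(href, base).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// True when one host is the other or a subdomain of it.
function sameSite(a, b) {
  return a === b || a.endsWith("." + b) || b.endsWith("." + a);
}

// null when the link is consistent, otherwise a short reason for the warning.
function linkWarning(text, href, base) {
  const real = hostFromHref(href, base);
  if (real === null) return "href does not parse";
  const shown = hostFromText(text);
  if (shown === null || sameSite(shown, real)) return null;
  return `text says ${shown} but link goes to ${real}`;
}

// Scan {text, href} pairs (e.g. built from document.links) and keep the
// ones that earn a warning.
function scanLinks(links, base) {
  return links
    .map(l => ({ ...l, warning: linkWarning(l.text, l.href, base) }))
    .filter(l => l.warning !== null);
}

// Constructed sample, modelled on the bank newsletter case above.
const SAMPLE_LINKS = [
  { text: "www.mybank.example/login", href: "http://secure-login.attacker.example/mybank" },
  { text: "Who We Are", href: "/about" },
  { text: "https://twitter.com/photo", href: "https://twitter.com/i/photo/123" },
];
```

In a browser, `scanLinks(Array.from(document.links, a => ({ text: a.textContent, href: a.href })), location.href)` runs the same check over every link on the current page.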
Another way to protect yourself is to use one email account for all your social networking and another for your business and/or financial activities. This way you limit your exposure and have one username and password to help you access your social media accounts. When it comes to managing passwords, there are a few tricks to that as well. If you’d like to talk about it more, just ping me; I almost always do what I can.
KSL
