When you hear of some business being “hacked” you probably think of the images on a lot of television stories involving some quirky young person with glasses sitting at his computer and trying all kinds of tricks to force his way into a server.
In real life, though, things are usually much simpler. The bad guys just ask people for their ID and password, and a surprising number will freely give them.
Of course, they don’t just say “May I have your password, please?” They are quite a bit more sophisticated than that. Consider this actual email that I received some while ago:
Due to the recent upgrade in linkedin you have to upgrade your account to keep using linkedin or your account will be terminated.
In order to login click the link below
to login and wait for responds from linkedin.
We apologies for any inconvenience and appreciate your understanding.
Of course, the link shown above is made up and was not the link in the email, but if I had clicked on that link I would no doubt have been directed to a web page that looks exactly like LinkedIn, and it would have asked for my ID and Password. But instead of actually going to LinkedIn, my ID and Password would have been stored for future attempts at logging into other accounts. If I am typical, that same ID and Password may well get into my iTunes account, maybe my Amazon account (where my credit card information could be found), and any number of other places.
Very simple, low tech, but when thousands of unsuspecting people are involved, this can be quite effective.
How do I know this is fake? There are multiple grammatical errors which I would not expect from a real business, and the link is obviously not LinkedIn. But you can’t count on that as your only safeguard, because many such attempts are much more sophisticated.
So my message to you today is “never, ever enter your ID and Password on an account that you accessed by clicking on a link in an email.” If you get an email which looks real and you want to check your account, go directly to that account through your web browser instead of clicking on the link in the email.
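The "link is obviously not LinkedIn" check can be done mechanically by looking at the host a link really points to, including the less obvious cases. This is an added example, not part of the original post; the function name, the `TRUSTED` constant and the sample links (on the reserved `.example` domain) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "linkedin.com"  # assumption: the one domain we accept as the real site


def link_verdict(url, trusted=TRUSTED):
    """Return (ok, reason) for a link taken from an email body."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "URL does not parse"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host in URL"
    if has_userinfo:
        # In https://a@b/ the browser connects to b; "a" is only a user name.
        return False, "text before '@' is not the destination"
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return False, "internationalised host, may use look-alike letters"
    # Exact match or a true subdomain; a bare endswith(trusted) would be wrong.
    if host == trusted or host.endswith("." + trusted):
        return True, "host is %s or one of its subdomains" % trusted
    if trusted.split(".")[0] in host:
        return False, "brand name inside an unrelated host"
    return False, "host unrelated to %s" % trusted


# Constructed sample links for this example; none of them is the link
# from the email quoted in the post.
SAMPLES = [
    "https://www.linkedin.com/login",
    "http://www.linkedin.com/login",
    "https://linkedin.com.account-upgrade.example/login",
    "https://linkedin.com@login.example/",
    "https://secure-login.example/linkedin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = link_verdict(link)
        print("%-5s %-52s %s" % ("OK" if ok else "BAD", link, reason))
```

A passing verdict only says the host is the expected one; going to the site directly in the browser remains the safer habit.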