Beware the Phishing Season

Submitted by Donald McNeil, J.D. - Professional Issues Committee Member

The much-anticipated Minnesota fishing opener is set for May 9, 2015. You, however, have been the subject of open Phishing every day, and even as you are reading this article, someone is plotting away to have you part with sensitive, confidential financial information that belongs to you or your customer. Be careful, because, if they are successful, you will be on the hook in more than one way.

Phishing is a criminal effort to acquire access to information such as usernames, passwords, and credit card details by masquerading as someone else in an attempt to access accounts and money. The criminals spend every day coming up with new ideas, including the more recent “spear phishing” that gathers personal information about the target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks and uses information found on social media to make the phishing expedition more likely to get a nibble on the line.

Some fishing lures just are not effective and it is hard to imagine how they catch anything. The Nigerian princess that needs help transferring $10 million is about the same as using corn on a hook to bait a walleye; it’s just not going to work. However, an email purportedly from your equestrian-loving customer needing a transfer of money for the purchase of a horse may succeed. Such personal information is often readily available when the privacy settings on your customer’s Facebook page are set low.

There have been a number of successful phishing trips lately.Pretending to be the IRS continues to be a popular tactic to part the recipient with confidential information. An email from a trusted college domain that has been hacked remains a nifty way to set a hook. And last year, receiving an email from an attorney with the zip file proved to be irresistible to many.

The number one way for you to remain off the hook continues to be a phone call to your customer to verify the source of the email. There is nothing better than the old-fashioned telephone call followed up by written authorization before sharing information or transferring money. Remember, it remains open season and you are a prime target. Stay aware, my friends.