Cybersecurity: Rotten Phisherman!

Robert Londin (Photo provided by Jaspan Schlesinger LLP)

By Robert Londin, Esq.

In these times of pandemic, many good people continue to help others. Unfortunately, there are those who continue to prey upon others by casting snares to compromise confidential and sensitive information like Social Security numbers, credit card numbers, and passwords.
This is known as “phishing” and the ordinary citizen would be surprised at the sophistication of these attacks, the simplicity of these attacks, and the effectiveness of attacks on personal data.

Phisherman’s Tools of the Trade
The phisherman’s bait box includes worms like malware, link manipulation, “spearphishing,” “spoofed” emails, and other sophisticated techniques designed to ensnare your private and confidential information.

This article will serve only as a brief and general description of the more prevalent phishing hooks/bait and some common-sense wake-up calls and protections to combat the unwanted trawler.

Common attacks include emails that can contain malware and other nasty “launchables.”

Attacks can allow the cybercriminal to track your keystrokes, gain access to your data, and authorize your device to run other functions and programs. The criminal casters can “spoof” legitimate vendors. Did you get an email about tracking a surprise FedEx delivery, resetting a password, an “automatic response” from a vendor/email you did not contact, a failed log-in attempt, confirming a purchase, or renewing your virus protection software?

Also, some phishing emails can blindly extort you by notifying you that your private information or photos have been accessed, and then demand a ransom. For businesses, hackers gain access to key information systems via compromised passwords or other weak IT security protocols, and then cripple the business by shutting down information technology systems until a ransom is paid.

Although credit card companies and financial institutions have greatly enhanced their fraud prevention programs, these programs result in email traffic confirming purchases, which means you must increase your diligence to sort out the bona fide notifications.

The Catch
So, what’s a phisherman’s desired catch? Tasty hooked information includes: access to laptops and personal computers, passwords, Social Security numbers, access to bank accounts, and credit card numbers.

Many times, the phisherman sells your information on the dark web. That’s how they make their money. The buyer of that info, in turn, makes new credit cards and then sells those cards to the shoppers.

Shark Repellants
So, what are some very basic protections that we “phish” can use to avoid the hook? Here’s a brief list of some anti-phishing tactics:
* Never provide your Social Security number or any private or confidential information if you have any doubts.
* Regularly change your passwords. Make your passwords somewhat complex by using numbers and symbols and a mix of both upper case letters and lower case letters. Never use the same password for different vendors, websites or financial institutions (otherwise one password breach will ripple through your pond of privacy and financial protection).
* Don’t click on suspicious email-embedded links.
* Don’t store credit card numbers on websites. Otherwise, you are trusting that vendor’s security protocols.
* If you think there is a remote chance that the request for information is for a legitimate reason, don’t reply to an email, don’t click on any embedded link, and (in the case of a phone call) hang up the phone first. Then, find out the legitimate contact information of the subject vendor, confirm that contact information, and then call them directly (or visit their website via your own direct search).
* In the case of apparent spoofed emails, run your cursor over the sender’s email address. If the email shows to be a Gmail account or a strange-looking email address with lots of numbers and/or a suffix not related to the vendor, delete the email.
* If you feel like a credit card alert could be legit, download the financing institution’s bona fide app to your phone and monitor your purchases via secure application.
* On your cell phone, each time you get one of these unsolicited phishing calls, block the number. If your home phone number is supported by VOIP, you can also block numbers via your service provider. Using the national Do Not Call Registry is a good idea (www.donotcall.gov).
* Add a credit monitoring app to your phone. If your information has already been compromised, upgrade to a monthly subscription service that’s more aggressive in its monitoring. In addition, by contacting any of the four major credit agencies (Equifax, TransUnion, Innovis and Experian), you can put a personal “credit freeze” in place. With a credit freeze in place at any one of the major agencies (the agencies share freezes with each other), no third party can pull credit on you without having the freeze lifted, which can only be done by your action. The https://www.OptOutPrescreen.com service protects from unauthorized credit checks.

* Ignore general solicitations for investment in your business through people you don’t know. Share information only after vetting a third party, then seek out an attorney to draw an appropriate confidentiality agreement for your business which includes a no-solicit provision.
* Yes, we all want to increase our social networking profile. But, accepting a new friend or a new LinkedIn contact may come at a cost. Take the time to vet their background through publicly available tools.
* Don’t engage anonymous extortionists or blackmailers (unless they separately convince you that they truly do have the goods on you, in which event consider hiring a private detective and a lawyer and reaching out to the police).
* For businesses – train your employees. Teach them to report any potential incursions to your IT department. Discourage (or prohibit) Internet browsing from company devices. Make sure that employees regularly change passwords.
* Putting two-factor authentication on websites and applications is great protection.
* While reviewing your (snail) mail, sort it and when done, SHRED all mail that contains personal information. Using https://www.OptOutPrescreen.com can also reduce your junk mail.
* There are websites (like www.scambusters.org) that can help you check for phishes and scams. If you are presented with an email or phone call that’s suspicious, describe the suspicious request and add the word “scam” or “phish” to a Google search. You can also Google the sender’s email or phone number (again, with the word “scam”).
* Listen to your “Little Voice.” If something seems suspicious or too good to be true, listen to your intuition.

Those are just some basic tactics that you can take to stay off the hook and protect your privacy and wallet.

Remember, as we get smarter, phishermen get more creative!

For more information, please contact attorney Robert Londin ([email protected]).
Robert Londin, Esq., is a Partner at Jaspan Schlesinger LLP in Garden City, NY.
