Excerpted from The Password Book.
One of the most common ways to be scammed online is to fall victim to a “phishing email.” (See http://jmlinks.com/36h for a definition.)
You are sent an email that purports to be from a friend or relative, your bank or credit card company, PayPal, Google, or Facebook, or perhaps one that claims you’ve won a sweepstakes or even a large sum in the lottery. All you have to do is click on an attachment, which may look like a harmless Microsoft Word document or even a common Adobe PDF. Another variant is to trick you into “reverifying” your login and password at a “spoofed website,” a website that looks like Amazon, Gmail, Facebook, etc., but really isn’t.
By clicking on the email attachment, however, you install a virus or malware program on your computer that surreptitiously gives the thieves full control of your device. Or, if you reverify on the phony website, you’ve given the thieves access to your account. If you fall for it, in other words, you’ve been “phished.”
And if you think you’re too smart to be “phished” by phone or by email, yet another variant of phishing is spearphishing, in which the scammers first “phish” a friend of yours and then impersonate that friend via email or Facebook to trick you into clicking on an attachment or providing key information. In this template, you don’t get an email that pretends to be from your bank, Amazon, Facebook, Gmail, AOL, etc., but rather an email that pretends to be from a friend or colleague, and that email tricks you into giving out required information. The spearphishing request can come by email, but scammers can also use Facebook Messenger or posts, or any other communication technology. (This is how John Podesta, Chairman of Hillary Clinton’s 2016 Presidential Campaign, was tricked into giving access to his emails, and, as they say, the rest is history.)