I said please, just like my mother taught me to do. Regardless, most sane people would at least say no. People may even wonder about my sanity if I dared to ask such a question.
What if I called you on the phone and gave you your mother's maiden name, birthday, and address and then told you that your bank account had been hacked? Then I said that I urgently needed your password so that I could secure your account against suspicious activity. This one sends your head spinning. We WANT to trust a person trying to help us, even if our brain is screaming, don't do it!
There is so much freely available information on the internet; it's not unlikely that someone could know your personal information. Information like:
mother's maiden name,
where you live,
what credit cards you have,
your license plate number,
what kind of car you drive,
a general idea of your credit score,
and even what websites you use to buy stuff!
Some of this information is readily available, other bits take some digging. With all of this information being available, we need to take extra precautions to protect valuable information like social security numbers, passwords, and health records.
It takes a lot of effort to actually call people and scam their bank account passwords from them. It's much more efficient to email thousands or even millions of people and scam their passwords from them. If you haven't seen one of these emails yet, be prepared, they are as disconcerting as the phone call described above.
You can get an email that looks like it's directly from your bank, with the logo, your name, and perhaps other personal information. The email explains that there has been suspicious activity on your bank account and that you need to log in to take immediate action. Since it's urgent, please click on the link provided and log into your account.
You click on the link and are taken to a site that looks like your bank. You enter your username and password. Usually, at this point, nothing happens, or you are redirected to a page that says something like, "Thank you for checking your account. You have completed your account security update." And that's it. The criminals have the username and password to your account.
Let's start off the explanation with a demonstration. Please click on the link to yahoo.com:
If you are suspicious and don't want to click on the yahoo link, good for you! If you did click on it, you saw that you were redirected to google.com. It's easy to make one thing look like another on the internet. In the scenario described above, the email was not from your bank. The link took you to a website that looked like your bank but was really a fraudulent username and password gathering scheme. This type of scam is called Phishing. (Literally, the scammers are fishing for information.)
This story's moral is to be wary of any email or phone call that you get related to financial, health, credit, or similar sensitive information. No legitimate company or provider will want to anonymously discuss such personal information via the phone or email.
If you want to check your accounts online, ALWAYS go directly to the institution's website. Don't trust a link provided by anyone. Most reputable institutions have a fraud@emailbox these days. If you are like me, you get bombarded with phishing scams for PayPal, Apple, and Amazon account usernames and passwords. I forward the email to fraud@paypal, etc. and immediately delete the email.
The critical point that I want to share is that phishing scammers use sophisticated techniques to trick you into giving your usernames and passwords to them. It's not unlikely that they could know your personal information. Be wary of any email or phone call that you get related to financial, health, credit, or similar sensitive information. If you want to check your accounts online, ALWAYS go directly to the institution's website. To learn more about password safety, please read my previous post: The (Virtual) Keys to Your House.
Contributed by Jeff, Library Unicorn Technical Support