Phishing and fishing are homophones — two words that sound the same but have quite different meanings.

The latter is fun and can yield a catch of trout, bass, perch, et al.

The former can be trouble, and the American Bankers Association and local leaders have spent the month of October warning people not to be "caught" in a phishing scam during National Cybersecurity Awareness Month.

According to Merriam-Webster Dictionary, phishing is "the practice of tricking Internet users — through the use of deceptive email messages or websites — into revealing personal or confidential information which can then be used illicitly."

Terry Baker

Terry Baker

Terry Baker, association executive for Cape Girardeau-based Southeast Missouri REALTORS said it is difficult to overestimate the threat.

"(Phishing) scams related to real estate continue to rise, so consumers should remain vigilant in protecting their information," Baker said. "Last I saw, real estate and rental wire fraud was ranked No. 7 out of more than 30 different types of fraud tracked by the FBI. If someone is involved in a real estate transaction and receives something from the bank, from a title company or even your Realtor asking for personal information, take a moment before acting. Pick up the phone, call and verify the request. Don't ever email your personal or financial info."

Lucrative scam

Federal Trade Commission estimates consumers lost $8.8 billion in phishing and other fraud in 2022, an increase of more than 65% compared to 2021.

Dan Wyatt

Dan Wyatt

Dan Wyatt, who graduated from Marble Hill, Missouri's Woodland High and from Southeast Missouri State University in 1995, is MRV Banks' chief technology officer.

"A lot of times these bad actors will send out an email blast with a message to several thousand emails at one time, hoping to get one or two or perhaps as many as 10 people to reply back," said Wyatt, who points out the simple act of replying to a phishing scam can have devastating results.

"Fraudulent users could run a script on your local computer, your desktop or laptop, allowing them access to your data. Another way phishing works is bad actors will send a link. If you click on it, which is invalid, they can grab your online credentials."

Filters

"Your spam folder will generally grab emails that have gone out to a lot of people or will have originations from one source that do not look correct. You could actually spoof, or pretend to be someone else, in an email," Wyatt said.

Sophistication

Wyatt said those engaged in phishing fraud have upped their game.

"Don't rule out the impact of generative artificial intelligence, or AI, to create a better crafted email that looks genuine. In the old days, when we all were younger, you'd see misspellings and improper English a lot. Now the fraudsters are getting to the point where their emails appear more legitimate and it's getting harder to determine obvious scam efforts," he said.

Being on guard

Wyatt said customers can protect themselves from being drawn in by a phishing scam by remembering something important.

A bank, for example, will never ask for a person's username or password — and phishing scammers often request this information, he said.

"A bank would want to verify that you are who you say you are but that generally happens when a customer calls us. We'd never call and ask for a Social Security number or an account number, for instance," Wyatt said.

Creative 'crooks'

Wyatt said those involved in phishing pay attention to the news.

"There might be a natural disaster and emails will be sent to thousands of people requesting donations, but if you respond and give electronically, your money may not get where you wanted it to go."

MRV has to warn its employees about phishing attempts about once a week, Wyatt said.

Suggestions

Cybersecurity & Infrastructure Security Agency (CISA) was created in 2018 under the auspices of the Department of Homeland Security.

CISA recommends the following steps for consumers to prevent becoming victims of phishing and other fraud.

• Use strong passwords. Employ long, random and unique combinations of upper and lower case letters, numbers and symbols.
• Turn on MFA. Multi Factor Authentication (MFA) is an extra level of security.
• Recognize and report phishing. Attempts to "phish" should be reported to legitimate authorities — e.g., banks. Phishing messages should be immediately deleted.
• Update software. Accept the latest security "patches" and updates on personal devices — phones, laptops, desktops. Regularly check for updates if automatic ones are not available.

More information is available at www.cisa.gov/cybersecurity-awareness-month.

Do you want more business news? Check out B Magazine, and the B Magazine email newsletter. Go to www.semissourian.com/newsletters to find out more.