3 Ways to Shift from Indulgence to Independence

August 19, 2019

View Article
Lindsay B. Waltower, MBA, CAP

Lindsay B. Waltower, MBA, CAP

Financial Professional



Subscribe to get my Email Newsletter

April 3, 2019

Phishing, Part 2

Phishing, Part 2

Phishing can be perpetrated via text or voice (and it may even be done in person).

Here are a few pointers on how to avoid becoming a victim. Since subtle phishing attacks can be very sophisticated, you should always be alert and proceed with caution when interacting online or when giving out your personal information.

Avoiding phishing in text…

1) Know and trust the hyperlink.
It’s important to be on the lookout for phishing attempts both in your private and professional life. Obvious scams that show up in your spam folder – like a solicitation to invest in an overseas company you’ve never heard of – are easy to avoid. But what if you receive a message from an “old colleague” with a link to their Facebook page or their new business? Would you click it? If yes, before clicking, would you check the link address at the bottom of the browser or your email client? If not, and that old colleague isn’t who they claim to be, you might become the victim of a phishing attack.

A stop-now red flag is when the link doesn’t look like it will go exactly where it says it will. The email message may show the text “www.example.com” which looks legitimate, but in reality this link leads to “www.this-is-a-scam.com”. That’s an obvious one, but scammers are clever. The deception could be something less conspicuous, wherein www.example.com would lead to www.exanple.com. If you’re not paying close attention, the latter might be an imitator site.

2) Be wary of impostors
Once the victim lands on www.exanple.com (with the “n”), they may not notice the site isn’t authentic. A good rule of thumb is that after you click a link – after determining as best you can that it is legitimate, of course – you should always double check the URL bar to ensure it is the website you intended to visit. If the visuals look like what you were expecting but the address in the URL bar is not, then it could be an impostor site. If you enter any personal information on this page, you may be directed to a fake internal site or receive an error that asks you to try again later. While you wait to try again, the phisher can take the information you just sent them and do the damage.

Shortened links can present a problem, since they offer legitimate uses for many messaging services to help trim character counts. Unfortunately, this means it is easy to hide the true destination until the person clicks the link and lands on a malicious page. It is essential to check the URL bar in the browser to ensure you are where you want to be.

3) Be aware of what information you make public
Social media is a treasure trove of personally identifying information. Attackers don’t even need to really phish for it since there are some nefarious techniques they can employ, like utilizing memes and social media response posts. For example, a post may ask for three pieces of information about you to generate your “Hollywood nickname”: your first pet’s name, your high school’s first word, and the name of the street you grew up on. You might end up with something like “Fluffy North Oak”. Amusing? Sure. But those three words are partial answers to commonplace security questions that grant access to bank accounts, corporate IT systems, and other valuable entities, as well. If the attacker knows that information about you, they may be able to thwart one more layer of IT security.

Avoiding attacks on the phone…

1) Know the right number
Phone- and voice-based phishing tends to rely heavily on high pressure tactics and smooth talking. If you get a call you’re not expecting from someone you don’t know, you should immediately be on your guard. If someone calls claiming to be from your credit card company, do not give them any important information. Tell them you will call back. You should then look up the correct number on their website or your bill and call that number to avoid connecting to a fraudster. If the other party then insists you talk to them during this call or that they call you back, then there is a good chance they are not actually an employee of that company.

2) Be wary of driving callers
Driving callers are those that keep pushing you to answer. This type of caller will encourage you to do something and may even become angry if you do not comply. Many people, to restore social cohesion, will comply. That can quickly lead to divulging personal information. If someone is pressuring you on the phone, you should be very wary of giving them the information they want.

They might make claims like they are government officials investigating a case, that you owe their company money for some obscure subscription you supposedly bought years ago, and other high-pressure scenarios. Conversely, they may try to use other tactics like guilt. They may state that if they do not resolve this issue with you, right here and right now, they will be fired or not have enough in their next paycheck for rent. Don’t fall for these tactics and remain alert.

Follow your instincts
If your gut is telling you that a situation feels off, then listen to it. Always do your due diligence to stay safe online and before you share personal information. This can’t be said enough – if something seems like it’s too good to be true, then it probably is.

  • Share:

April 1, 2019

Phishing, Part 1

Phishing, Part 1

If you’ve ever peeked in your spam folder, you’ve probably noticed multiple emails from people claiming all sorts of nonsensical and unbelievable things.

It is not recommended that you open these emails, but be aware they most likely contain links that will claim to send you to a particular webpage but in fact will send you elsewhere.

This is an example of “phishing”, and thanks to advanced spam filtering today, you may never have to deal with these kinds of threats directly. But there are other kinds of phishing you should be aware of.

What is phishing?
Phishing is the act of looking for individuals who are willing to hand over their important personal information. One technique is to use a “shotgun approach”, where the phisher attempts to contact as many people as possible. General phishing like this relies on large numbers: Even if the probability that someone would actually give their information to a phisher is something like 0.001%, if the attack vector reaches 100,000 people – which isn’t unusual – there is that chance there will be at least one victim.

Phishing can also be targeted, in which the attacker directs the strike against a particular individual. This type of attack usually involves employees of an organization or high-ranking officials, as these targets are the most valuable. This kind of phishing often requires a degree of social engineering as well, wherein the phisher may appeal to various tactics to gain information. They may pose as coworkers or customers who have lost their passwords, for example, or they may try to subtly encourage the victim through conversation.

An example of conversational phishing may unfold as follows:

Through a seemingly normal conversation with a stranger, the attacker volunteers information about their own (fictitious) children, then asks the victim about their children. To follow social norms and reciprocate, the target may provide information like school holidays, partial names, or even birthdates. This may be inadvertent, like mentioning their child recently had a birthday party. School holidays can be cross-referenced against nearby school districts to potentially find the school the victim’s children attend. Once neighborhoods are determined, this could connect to full names or addresses of the victim. And since names and birthdates are still used by many people as passwords (not recommended), this could be a lead for the phisher. Armed with passwords, addresses, birthdates, and names, a lot of damage can potentially be done.

Phishing and hacking
Since high-value targets are more likely to be educated in internet security and less likely to fall for simple spam email attacks, phishers may use more subtle tactics. These kinds of attacks usually occur against people at work. A lot of IT security relies on trust, since employees need to be able to access the systems to do their work. If someone’s credentials are compromised, though, the person who has those credentials can potentially infiltrate the IT system. This is how a lot of “hacking” is perpetrated. Certainly there are plenty of attacks against software code, but if an insider can be compromised, it may be quicker, easier, and less detectable than finding a hole in the system’s security. So phishing is a prime tool for hackers, simply because humans are more easily hacked emotionally and psychologically than IT systems with established electronic security measures.

Most people should already be aware of shady tactics a phisher might use to gain access to sensitive information – but if these attacks didn’t work, no one would use them. So someone out there must be falling victim. Make sure it isn’t you.

  • Share:

March 11, 2019

Does healthy living have to cost more?

Does healthy living have to cost more?

Many of us may be chair-bound during the workday and may come home lethargic and sluggish – seeming results of a sedentary lifestyle and some potentially unhealthy habits of office life.

You might be itching to break this cycle and establish some healthier habits for yourself, but you don’t want to break your budget either.

If you’re interested in improving your healthy habits – but aren’t interested in spending a lot of money to do it – read on!

Getting more exercise
Many people equate maintaining a regular exercise regimen with an expensive gym membership, but you don’t have to have one to exercise. One can perform body-weight exercises just about anywhere, so getting in some sit ups, push ups, squats, and a brisk jog can be free of charge. Other body-weight exercises, like pull-ups, may require finding a place to do them, but all one needs is a horizontal bar. This can range from a sturdy tree limb to the monkey bars at the playground.

Not sure where to begin? There are a myriad of free videos and programs online for all ages, goals, and body types. (As always, get your doctor’s approval before starting any exercise program.) If an exercise program is all new to you, you might want to start with only 10-15 minutes, then work up from there.

It does require forming a habit to establish a regular exercise routine. For that reason, it’s a good idea to build exercise into a part of your day. That way, a sense of something missing may arise when the exercise is not completed, which can be a motivation to get the workout in.

Eating healthy
This one may be a little harder to solve than the exercise issue, because saving money on your food bill may require a bigger time commitment than you’re used to, with additional shopping and food preparation. The good thing about fruits and vegetables is that many of them can be eaten raw with minimal prep time.

Internet shopping provides a myriad of resources for finding good deals for nutritious foodstuffs. If you’re feeling more adventurous and don’t mind getting your hands dirty, there may also be a local communal garden[i] in your area. Some apartment complexes offer their roofs to be used as gardens, and for those with no other options, growing right in your high-rise apartment is feasible[ii]. One of the best parts about gardening? It may give you some exercise in the process.

Unfortunately, most people can’t raise their own livestock, so for meat (and alternative protein sources) online delivery is an option, as well as shopping sales and using coupons at your local grocery store.

If all of this seems like too great of a commitment (admittedly it may take some extra work), there are other ways to start the journey without running headlong into an agricultural venture. Simply avoiding processed and fast foods is a start, as these options can be more expensive and may offer less in the way of solid nutrition. And if you find the “healthy” option too bland, make a pledge to yourself to stick with it until your taste buds become accustomed to the new foods, or experiment with spices and herbs to increase the flavor intensity.

Eating healthy and beginning an exercise program certainly demand a degree of attention and commitment, but they do not always require a lot of money. Regardless of what advertisers want you to believe, it is possible to stay in shape without a gym membership or expensive home gym equipment, and you can eat healthy without spending a week’s paycheck in the grocery store’s organic aisle.

  • Share:


[i] https://www.organics.org/get-your-neighborhood-growing-how-to-start-a-communal-community-garden/
[ii] https://dengarden.com/gardening/edible-plants-you-can-grow-in-your-apartment

Subscribe to get my Email Newsletter