The term pwn (pronounced “pown” – like own but with a p at the beginning) comes from the gaming world and means dominating your opponent. A software developer’s typo became a nerd legend.
Fast forward to the present and the online world, and being pwned takes on a more sinister meaning. In this context, being pwned means that a hacker or scammer has acquired your account information from a data breach of a company or online service you use.
A bad actor can use your email address or phone number and pretend they are you – a practice called spoofing. They can access your friends or connections on social media and scrape publicly accessible information from websites like phone numbers and email addresses. The scammer can send smishing texts, vishing phone calls, and phishing emails that appear to come from you or someone you know (spoofing). Sending spoofed messages with a call to action (CTA) is called social engineering.
Scammers want to trick you into doing something using a CTA, such as providing them with account passwords, gift card numbers, or access to computers and bank accounts. They may also want your personally-identifying information to open credit and other accounts in your name (i.e., identity theft).
The primary risk is responding to or clicking on links within text messages and emails from the scammer. Removing your contact information from websites and social media is one way to avoid spoofing and online scams. More secure often means less convenience. While removing your contact details from websites is more secure, it makes contacting people more difficult.
Meanwhile, stay vigilant and question texts and emails that have a CTA or elicit an emotional response.
If you receive messages allegedly from people you know containing unusual requests:
DO use an alternative means of contact (phone call, FaceTime, different email or phone, etc.) to verify the sender and the message.
DO NOT reply to or click links in suspicious messages. If you already did, don’t provide any more information or respond to any replies.
To check whether your email address and other personal information were harvested in a data breach, go to https://haveibeenpwned.com/.
If your information was captured in a company data breach, I strongly advise you to either immediately change your password or delete your account if you no longer use the service.
Please contact Prime of Life Tech for technical support and assistance improving security on your devices.