
phishing risk as P.E. 2

Status
Not open for further replies.

electricpete

Electrical
May 4, 2001
16,774
It strikes me there is an attack vector to be phished via the publicly available info about you as a PE. Well of course it's not that much of a risk if you use normal good phishing resistance practices, but here's how it would work:

* starting with either a last name or a PE number, someone can pull up the other piece of information (your PE number or your last name) as well as dates associated with your PE, current employer, discipline etc.
* That seems like information that could be used to put together a personalized phishing email asking you to renew, with a link leading to a website (indeed my own state sends such a link within their email), which would lead you to a PE renewal look-alike site that could harvest at least your payment details.

Of course the standard practice to protect yourself is never follow the email link... go to the known correct website yourself. And that would protect you from any phishing. I suspect most here know that.
 

I 100% agree this is a phishing risk. Some of the ways I avoid this risk for both my PE and business registrations:
1. I use a unique email for each service that forwards to my main email (simple login or 33mail). This way, if they mine my email and send a phishing email, I know where the email got mined from and can just delete the email address and create a new one. I will never receive an email from that email address again. This keeps my main email private.
2. I never give my home address (even when they say you are supposed to...). I have a PO box for my business that I usually use. If they require a non-PO box address, my registered agent (for LLC) allows me to put their address and will forward any mail that goes there. This keeps my home address private.
3. I pay for a service that contacts all the people search websites to demand they remove my information. Google yourself to see what all is on these people search sites (truthfinder.com for example). This keeps my home address, wife's info, parents' info, emails, phone numbers, etc. private.
4. I use a VOIP phone number for business and never give out my personal number for anything online. I also use a VOIP number for 2-factor authentication when a code generator is not an option.
5. Always use a password generator and 2-factor authentication (preferably not SMS to avoid SIM swap risk).
6. Some states have an option to keep your information private when doing initial registration or renewals. I always select this.
7. Never click a link in an email as you mentioned. Always go directly to the website to log in.
8. My credit card service allows me to create a new card number for a single purchase to avoid giving out my real card number. There are services that do this too (privacy.com for instance).
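
The per-service alias idea in item 1 above can be checked mechanically. The following is an added example, not part of the original post: it takes a raw message, finds which alias it was addressed to, and flags the alias as leaked when the sender's domain is not one the service is known to mail from. The alias addresses, the `.example` domains and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed mapping: each forwarding alias -> domains that service really mails from.
ALIASES = {
    "pe-board@alias.example": {"stateboard.example"},
    "llc-filing@alias.example": {"sos.example"},
}

def sender_domain(msg):
    """Domain part of the From address, lowercased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def domain_allowed(domain, allowed):
    """Exact match or a true subdomain; 'stateboard-renew.example' does not pass."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def triage(raw):
    """Return (verdict, alias) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    fields = []
    for name in ("To", "Cc", "Delivered-To"):
        fields += msg.get_all(name, [])
    recipients = {addr.lower() for _, addr in getaddresses(fields)}
    hits = sorted(recipients & set(ALIASES))
    if not hits:
        return ("unknown-alias", None)
    dom = sender_domain(msg)
    for alias in hits:
        if not domain_allowed(dom, ALIASES[alias]):
            # Someone other than the service knows this alias: retire it.
            return ("alias-leaked", alias)
    # From is trivially spoofable, so a match is not proof of legitimacy;
    # the "go to the site yourself" rule still applies.
    return ("expected-sender", hits[0])

# Constructed sample messages.
LOOKALIKE = ("From: Licensing Board <renewals@stateboard-renew.example>\n"
             "To: pe-board@alias.example\nSubject: Renew your PE license\n\nRenew now\n")
EXPECTED = ("From: Board <noreply@mail.stateboard.example>\n"
            "To: pe-board@alias.example\nSubject: Renewal window open\n\nReminder\n")

if __name__ == "__main__":
    for raw in (LOOKALIKE, EXPECTED):
        print(triage(raw))
```
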
 



electricpete said:
which would lead you to a PE renewal look-alike site that could harvest at least your payment details.
Seems like the risk of someone stealing your payment info would be more likely at a restaurant or just thru e-commerce.
Big deal if they do. You are not responsible for it. Get a new card and move on.
If someone wants to steal your identity as a PE, they can just go buy a stamp with your name and number on it and get to work.
 