×
INTELLIGENT WORK FORUMS
FOR ENGINEERING PROFESSIONALS

Log In

Come Join Us!

Are you an
Engineering professional?
Join Eng-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Eng-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

phishing risk as P.E.
2

phishing risk as P.E.

phishing risk as P.E.

(OP)
It strikes me there is an attack vector to be phished via the publically available info about you as a PE. Well of course it's not that much a risk if you use normal good phishing resistance practices, but here's how it would work:

* starting with either a last name or a PE number, someone can pull up the other piece of information (your PE number or your last name) as well as dates associated with your PE, current employer, discipline etc.
* That seems like information that could be used to put together a personalized phishing email asking you to renew, with a link leading to a website (indeed my own state sends such link within their email), which would lead you to a pe renewal look-alike site that could havest at least your payment details.

Of course the standard practice to protect yourself is never follow the email link... go to the known correct website yourself. And that would protect you from any phishing. I suspect most here know that.
Replies continue below

Recommended for you

RE: phishing risk as P.E.

2
I 100% agree this is a phishing risk. Some of the ways I avoid this risk for both my PE and business registrations:
1. I use a unique email for each service that forwards to my main email (simple login or 33mail). This way, if they mine my email and send a phishing email, I know where the email got mined from and can just delete the email address and create a new one. I will never receive an email from that email address again. This keeps my main email private.
2. I never give my home address (even when they say you are suppose to...). I have a PO box for my business that I usually use. If they require a non-PO box address, my registered agent (for LLC) allows me to put their address and will forward any mail that goes there. This keeps my home address private.
3. I pay for a service that contacts all the people search websites to demand they remove my information. Google yourself to see what all is on these people search sites (truthfinder.com for example). This keeps my home address, wife's info, parents' info, emails, phone numbers, etc. private.
4. I use a VOIP phone number for business and never give out my personal number for anything online. I also use VOIP number for 2-factor authentication when code generator is not an option.
5. Always use a password generator and 2-factor authentication (preferably not SMS to avoid sim swap risk).
6. Some states have an option to keep your information private when doing initial registration or renewals. I always select this.
7. Never click a link in an email as you mentioned. Always go directly to the website to login.
8. My credit card service allows me to create a new card number for a single purchase to avoid giving out my real card number. There are services that do this too (privacy.com for instance).

RE: phishing risk as P.E.




Quote (electricpete)

which would lead you to a pe renewal look-alike site that could havest at least your payment details.
Seems like the risk of someone stealing your payment info would be more likely at a restaurant or just thru e-commerce.
Big deal if they do. You are not responsible for it. Get a new card and move on.
If someone wants to steal your identity as a PE, they can just go buy a stamp with your name and number on it and get to work.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Eng-Tips Forums free from inappropriate posts.
The Eng-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Eng-Tips forums is a member-only feature.

Click Here to join Eng-Tips and talk with other members! Already a Member? Login



News


Close Box

Join Eng-Tips® Today!

Join your peers on the Internet's largest technical engineering professional community.
It's easy to join and it's free.

Here's Why Members Love Eng-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close