HOW TO SPOT AND AVOID PHISHING EMAILS
While we may envision hackers sitting in dark rooms
hovering over computers with lines of code scrolling down their screens, the
portrait of modern hackers is much more sinister. In fact, today’s hackers and
cyber attackers are much more akin to the con artist or snake oil salesman of
old.
Instead of using technical skill
to infiltrate complex computer networks, most attackers use good old-fashioned
deception and trickery to acquire information and money from their unsuspecting
victims.
Yet despite more awareness about
phishing than ever before, phishing attacks have increased exponentially in
recent years, with 92,000 phishing attempts every month, a reported 5,753%
increase since 2004.
The truth is, cybercriminals are
getting better at their craft. While it was once a fairly simple matter to
identify phishing emails designed to part you with your money or personal
information, it’s more difficult than ever to separate legitimate emails from
fraudulent ones.
But there are ways to protect
yourself and your business from being victimized. The key is education. Knowing
what to look for makes it easier to unmask the marauders before you become
their next victim. Here are some tips to help you identify phishing attacks and
keep your money and your personal information out of the hands of
cybercriminals.
EMAILS CONTAINING THREATS OR TIME-SENSITIVE REQUESTS
Phishing emails often have an
urgent or threatening tone to them, requiring you to click a link or open an
attachment to avert a problem or avoid an account shutdown. Cybercriminals use
threats or a sense of urgency to scare you into acting quickly, without
thinking.
These emails may ask you to
verify your account information, log in to your account, or fill out a form to
correct an urgent problem.
Many of these emails look totally
legitimate, complete with the brand logos and links to legitimate companies.
And thanks to the growing sophistication of hackers and the availability of
data on the internet, many of these emails may also contain personal
information, such as your name, email address, or even your password.
Any email that you receive that
requires immediate action should send up a red flag. Don’t simply react. Take
time to step back and evaluate the situation first.
BAD GRAMMAR OR SPELLING MISTAKES
While any email can contain a
spelling error or two, most legitimate emails don’t contain gross writing
errors.
Phishing emails are often sent
from other countries, where English is not the primary language, so if you see
‘bad English’ it’s usually a strong indicator that an email is spam, if not an
outright phishing attack.
Here’s a great example of a
phishing email that is difficult to read due to its poor grammar:
Note that hackers do seem to be
grasping the English language more effectively these days. You may have to read
more carefully to uncover missing words, awkward language, or other common
mistakes.
GENERIC GREETINGS
Phishing emails may contain a
generic greeting like Dear PayPal Customer or Dear Account Holder instead of
your name.
While this is often the case, we
still urge you to be suspicious, even if your name is in an email.
Cybercriminals often find your name or other personal details on social media websites.
SUSPICIOUS HEADER INFORMATION
The header of every email you
receive contains these fields:
From:
To:
Subject:
Phishing emails often contain
suspicious or obviously incorrect information in the From: header like this:
Keep in mind that some
perpetrators also purchase domain names that look like the real ones. For
example, they might register out1ook.com, which looks a lot like outlook.com.
Be sure to look at the email address carefully to notice any discrepancies.
FAKE OR SUSPICIOUS LINKS
Never click ANY links in an email
you suspect could be fraudulent. While a link may look legitimate, there is
often a suspicious link hiding underneath the link text. To see where the link
will take you, simply hover over the link with your mouse (being careful not to
actually click on it).
You can see the hover technique
demonstrated in the example below:
Further inspection of this email
also revealed suspicious links in the boilerplate text toward the bottom of the
email that, at first glance, appear legitimate.
In fact, the text looks almost
identical to the text at the bottom of legitimate emails from Chase, as seen in
the screenshot below.
Notice there are only slight
differences between the fake email above and the text in the legitimate email
below. Can you spot the differences?
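A defender-side check for the two red flags described above (a look-alike sender domain in the From: header, and link text that names a different site from the address it really points to), written here as an added example that is not part of the original article. The trusted-domain allowlist and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not from the article): the display name claims Outlook,
# the address domain swaps the letter l for the digit 1, and the anchor text
# names one site while the href points somewhere else.
SAMPLE = """\
From: Microsoft Outlook Support <security@out1ook.com>
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<p>Please visit <a href="http://login-verify.example.net/x">https://outlook.com/account</a>
within 24 hours to avoid suspension.</p>
"""

TRUSTED_DOMAINS = {"outlook.com", "chase.com", "paypal.com"}  # assumed allowlist

# Matches the simple <a href="...">text</a> anchors used in the sample body.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def normalize(domain):
    """Undo common look-alike substitutions, e.g. out1ook.com -> outlook.com."""
    d = domain.lower().translate(str.maketrans("1053", "lose"))
    return d.replace("rn", "m").replace("vv", "w")

def lookalike_domain(domain):
    """Return the trusted domain this one imitates, or None if trusted/unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    norm = normalize(domain)
    return norm if norm in TRUSTED_DOMAINS else None

def host_of(url):
    """Hostname of a URL; bare 'www.example.com' text is given a scheme first."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def analyze(raw):
    """Return the red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    imitated = lookalike_domain(sender_domain)
    if imitated:
        flags.append(f"sender domain {sender_domain} imitates {imitated}")
    body = msg.get_payload(decode=True).decode(errors="replace")
    for href, text in ANCHOR_RE.findall(body):
        # Anchor text that itself looks like a URL must lead to the host the href names.
        if re.match(r"(?i)https?://|www\.", text.strip()) and host_of(text.strip()) != host_of(href):
            flags.append(f"link text {text.strip()} actually points to {href}")
    return flags
```

Running `analyze(SAMPLE)` reports both the imitated sender domain and the mismatched link, which is the same information the hover technique reveals by hand.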
REFUNDS/REBATES
It’s not uncommon these days to
receive an email that announces an unexpected refund from the IRS or an account
credit at Amazon.com. These emails appear legitimate because they often contain
company or government logos and even valid contact information.
It’s easy to fall prey to these
emails because they appear to be a simple correction for an oversight or error.
The real motive behind these
emails, though, is to get you to click the link to claim your refund and log in
to what appears to be the company’s official website. After you type your login
information, the scammer can access your legitimate account or sell that
information for profit.
That’s why it’s so important to
scrutinize links in any email carefully, even if it appears to come from a
legitimate source. If you are ever in doubt, contact the company directly or
visit the company website without clicking any of the links in the email.
QUICK TIPS TO AVOID BECOMING A VICTIM
- Never click a
link or open an attachment in an email if you are unsure of its source.
- Be suspicious
of any email you receive that asks you to reveal or verify personal
information such as account numbers, passwords, social security numbers,
credit card numbers, etc. Reputable companies will not ask for this
information via email.
- If you’re concerned
about an email you received, call the company. Don’t use any phone numbers
or other information from the email, though. Look up the company’s website
or find their phone number on a recent statement or in other legitimate
correspondence.
- Assume any
offer that’s too good to be true actually is. Avoid falling victim to
emails that promise a big return for very little work.
- Be especially
suspicious of donation requests to charitable organizations after a recent
disaster. Many of these are phishing emails designed to take advantage of
your compassion to capture your credit card information. If you want to
help, seek out legitimate charitable organizations and visit their
websites directly.
- Use anti-virus
and anti-spam software and keep your web browser, email program and
operating system software up to date by installing recommended updates. If
you’re a business owner, make sure your IT company is
handling these updates for you on a regular basis.
- Change your
account passwords regularly and log in to your accounts frequently to
check for suspicious activity.
It’s clear that staying ahead of
the bad guys is getting harder and harder every day. But being vigilant and
taking the time to think before we act can help turn the tide in our favor and
keep our valuable information and hard-earned money out of the hands of thieves
and con artists.