Cybercrime is a major problem that businesses have to confront today. Phishing attacks are something that everyone needs to be alert to, so you can identify them quickly and avoid the damage that can ensue. Let’s look at some ways to identify suspicious messages and email scams.
There’s a reason why phishing attacks are so popular with cybercriminals: the barriers to entry are relatively low. Thanks to the movies, we sometimes romanticize the image of the computer hacker. We imagine an evil genius, his fingers dancing across a keyboard, in a dark room lit only by a wall of computer screens. In reality, phishing is less about fancy programming skills and more about psychology and user manipulation.
Think of it like this: is it easier to learn how to pick a lock, or to persuade someone to hand over their keys? Phishing is about fooling people into handing over the keys voluntarily. It’s an easier and more effective method. Emails and websites that look perfectly genuine can easily trap you in a scam, especially if you’re not expecting one.
A typical phishing email looks perfectly innocent. Let’s say it’s something purporting to be from your bank. It may look fine, with a familiar logo, address and contact information included. It may even pass through any filters you’ve set up to organize your emails without any issues. At a glance, nothing looks odd. And that’s exactly how a phishing email gets past you. On the plus side, phishing emails themselves aren’t usually a threat. It’s the risky links and malware-laden attachments that are the problem.
There’s a process you can follow to identify problem emails and scams. First, check the message’s tone. Is it an offer that’s too good to be true? Is it overly urgent? Is it a request for information on one of your accounts that’s appeared completely out of the blue? If so, be alert. DON’T CLICK ON ANY LINKS to try to investigate further. Instead, check out the URL. If the email is from Amazon, it should lead back to amazon-dot-com. There should not be anything between ‘amazon’ and ‘dot-com’. Also, anything that follows ‘dot-com’ should start with a forward slash (/).
Let’s look at some details, using PayPal as an example:
paypal.com – Safe
paypal.com/activatecard – Safe
business.paypal.com – Safe
business.paypal.com/retail – Safe
paypal.com.activatecard.net – Suspicious! (note the dot immediately after the PayPal domain name)
paypal.com.activatecard.net/secure – Suspicious!
paypal.com/activatecard/tinyurl.com/retail – Suspicious! Again, it’s the dot after the domain name.
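The hostname rule described above can be checked mechanically. The following is an added example, not part of the original post: it parses each link and accepts it only if the host is the expected domain or a subdomain of it. The function names are illustrative, and the sample links are the first six entries from the list above.

```python
import re
from urllib.parse import urlsplit

# Matches a leading URL scheme such as "https://".
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def hostname_of(link: str) -> str:
    """Return the lowercased hostname of a link, with or without a scheme."""
    # A bare "paypal.com/activatecard" would be parsed as a path, not a host,
    # so a scheme is prepended when the link does not start with one.
    if not _SCHEME.match(link):
        link = "https://" + link
    host = urlsplit(link).hostname or ""
    # Drop a trailing root dot so "paypal.com." compares equal to "paypal.com".
    return host.rstrip(".").lower()


def belongs_to(link: str, expected_domain: str) -> bool:
    """True only if the link's host is expected_domain or a subdomain of it."""
    host = hostname_of(link)
    expected = expected_domain.rstrip(".").lower()
    # The leading dot matters: "business.paypal.com" ends with ".paypal.com",
    # while "paypal.com.activatecard.net" ends with ".activatecard.net".
    return host == expected or host.endswith("." + expected)


def triage(links, expected_domain):
    """Label each link 'Safe' or 'Suspicious' using the hostname rule alone."""
    return {
        link: "Safe" if belongs_to(link, expected_domain) else "Suspicious"
        for link in links
    }


# Sample links copied from the list above.
SAMPLE_LINKS = [
    "paypal.com",
    "paypal.com/activatecard",
    "business.paypal.com",
    "business.paypal.com/retail",
    "paypal.com.activatecard.net",
    "paypal.com.activatecard.net/secure",
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS, "paypal.com").items():
        print(f"{link:40} {verdict}")
```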
Also examine the email address in the header. Google isn’t going to email you from the address ‘firstname.lastname@example.org’. If anything seems odd, do a quick web search to check it’s for real.
As mentioned, attachments and links are where the real dangers of phishing emails lurk. We can’t say it often enough – DON’T CLICK THE LINKS OR OPEN ATTACHMENTS. Also be wary of any password alerts, or password reset requests. If it’s designed to make you enter your password, then there’s a good chance it’s a scam attempt.
We’re not saying you should treat all your emails as potentially dangerous. Well, we are, in a way. Just be alert and sceptical and don’t take the legitimacy of incoming mail for granted. You can also use a reliable spam blocker, which should weed out most phishing attempts.
Do you need help with email security? The professionals at Quikteks can help, so call us on (973) 882-4644.