Gone Phishing
Fake emails are probably sitting in your inbox right now, announcing a new deposit to your Bitcoin balance or claiming you’ve just won a brand new smartphone. It’s aso likely there’s a burning call to action in the subject line, igniting your natural curiosity and compelling you to click. After all, who wouldn’t be thrilled at $12,345.67 in untraceable, free electronic money just waiting to be claimed? And everybody loves a new smartphone, right?
Except that you don’t have a Bitcoin balance because you don’t even have a Bitcoin account. And the return email address from the smartphone announcement isn’t from the brand name manufacturer but instead just a string of gobbledygook that looks extremely hard to pronounce.
Internet scammers send millions of emails every day that attempt to make us believe they are legitimate. Messages include original logos, headers and footers, even hyperlinks and ultra-tempting attachments. What they miss out on, however, is a real email address from a real person at a real company.
Phishing emails dangle tasty bait in front of distracted victims, hoping for an unlucky soul to take a bite and click on one of their links. The goal is to hook you, play you out until the line goes slack and then reel you in.
Phishing emails share five common traits, and we’ve collected them here from the good folks at Phishing.org to help you protect yourself from internet scammers:
- Too Good To Be True – Free money, true romance, discount medications and other eye-catching headlines attract your attention immediately. Winning an iPhone, the lottery or a romantic getaway with a sexy-sounding stranger seems exciting, which is exactly the point. Just don’t click on any suspicious emails. Remember that if it seems too good to be true, it probably is!
- Sense of Urgency – Immediate attention required! Only three prizes left! I sent you new hot online photos! Last chance or we suspend your account! If you think your trusted and reliable organization has given you a deadline or they will close your account, visit their actual site online and contact customer service directly. Your fear of missing out is what scammers are counting on.
- Hyperlinks – A link in an email may be more gobbledygook, which is a dead giveaway for phishing, or it could be something trickier. Hover over the link with your mouse or finger and look at the URL that pops up. Is it spelled correctly? Does it lead to www.arnericanlottery.com? Did you see that American here is actually spelled A-R-N-erican? When you see this kind of stuff, don’t click on it!
- Attachments – Attachments in emails should either be expected or make sense. In unexpected emails, attachments should be avoided and ignored. Malware payloads can be deployed just by clicking, and if you go too far you might wind up with ransomware or other viruses now embedded in your hardware. The only file type that is always safe to click on is a .txt file.
- Unusual Sender – Everything immediately after the @ in an email address is called the domain. Phishing emails either use tricky misspellings to fool you or else the domains are long strings of seemingly random letters and numbers. In other words gobbledygook. And even if a sender seems to know your name, whether it looks like it’s from someone you don’t know or someone you do, if anything seems out of the ordinary, unexpected, out of character or just plain suspicious in general, don’t click on it!
But no matter how careful you are, or how much attention you pay, sometimes you might miss a tiny detail. And if you are at work, on a work computer, using your work email, and you click on a dodgy hyperlink that you thought was from a real-looking money transfer website asking you to update your details or else, this could cause havoc on your network and a potential shutdown for your whole system.
Here are our tips to steer clear and not take the bait of phishing scams:
- Improve your computer security – Firewalls, anti-virus programs, spam filters and anti-spyware all help make your computer more secure and less susceptible to phishing attacks.
- Update your software – App and software updates exist for a reason. Developers roll out updates frequently to remove bugs and eliminate vulnerabilities. Your computer operating system, your software and your smartphone apps all work best when kept up to date.
- Avoid popups – Do not click on the links in popup. Do not share personal information in a popup. Shut them down with your browser settings if you can, and avoid them carefully when one gets through.
- Check your account statement regularly – Keep tabs on your online accounts on a regular basis to ensure that there aren’t any unauthorized, illegitimate transactions.
- Look for HTTPS websites – There are two communication protocols on the internet for websites – HTTP and HTTPS. The ‘S’ in HTTPS stands for Security, and any data you enter, any transaction you make is safeguarded by means of an SSL certificate.
- Avoid clicking on links from emails – Phishing techniques work because humans are human and they want to be loved. Even if you receive an email from a person who wants to be friends on a social media platform, don’t click on the link. Instead, go to the social media site manually.
- Avoid entering personal information via public networks – Free public networks at the mall, the airport or the superstore parking lot are extremely vulnerable. Fine to chat, look up an alternate price or post photos on social media, not fine to log in to your savings account and check your balance.
- Report phishing scams ASAP – Your email provider should have strong spam filters and a quick mechanism to report phishing attempts. You shouldn’t even have to open the email, just tick a box and push a REPORT SPAM button. But if it’s a phishing attempt that seems to mimic a local business you know, call the customer service line and let them know. You’ll be helping pay it forward and prevent others from taking the bait.