Hackers have been more active than ever in recent years, unleashing ransomware cyberattacks upon an increasingly defense-minded public, with entire governments now pouring billions into cybersecurity. And for good reason: cyber attackers have cleverer ways than ever to get you to open email attachments or click on unsecured links that get your computer to download malware such as ransomware, resulting in your critical files becoming hijacked and held for ransom. Below are the main ways you can spot an email scam or phishing attack long before you unwittingly download a malware file.
- Mimicked email addresses. You may have seen emails that come from a familiar name, but don’t look quite right. These are mimic emails based on your tracked web navigation and contacts. Cybercriminals have now developed ways to “pose” as a friend or family member, with a suggested link or attachment you are urged to click on or open, and which contains the offending file. They also have ways to mimic companies like Amazon, Microsoft or PayPal, sending you an email that looks authoritative, and that purports to contain content that you need to “look into immediately”. Usually, this involves asking about your password or financial information. Always, always, always CALL the company first before clicking on anything in these types of emails.
- Unsecured or unfamiliar links. Clicking on a link that takes you to a form that asks you for log in info, such as username and password, is a big red flag. This usually involves taking you to a random or “hidden” page, the actual link or URL address being hidden beneath a fake one. To find out the true link address, hover over it with your cursor, and the real one will pop up after a few seconds. Another way to link-test is to copy and paste it into a text document to find out where it intends to send you.
- Language and grammar in phishing emails. Another red flag is the sloppy use of English in phishing scam emails. Some of them are quite obvious, like the ones from Nigeria, but others may slip past your radar, due to them being written on a good facsimile of a reputable company’s logo or brand template. A true email from, say, Chase Bank, PayPal, or Microsoft would be written in impeccable English, especially as a standardized notification.
- “Phishy” instructions. Look closely at what the email is telling you to do. If it tells you to click on a button, link, or download and attachment, stay away! A reputable company that sends out unsolicited security notices to its clientele won’t tell you to do any of that. They will most likely tell you to log in to your account at the company’s proprietary website, and make the changes there. It should also tell you to “call customer service if you have any questions”. You should consider any other tactic than that extremely “phishy”.
- Always read the fine print. Templates stolen by phishing scam artists will usually have fudged, different, or even non-existent fine print at the bottom of them. It will also generally not match up with the main body. This is another reason to always read the fine print before acting on an unsolicited email!
With all that in mind, you should let an expert IT services firm examine and provide proper defenses for your email phishing vulnerabilities. OnServe is the leader in providing managed IT services in Kingston, Ottawa and Eastern Ontario. Contact our expert IT staff at (613) 634-8125 or send us an email at firstname.lastname@example.org, and we will be happy to answer your questions.