Thursday, February 18, 2016

Don't Go Phishing - An Email Safety Tip

I am preparing a training for my clients on how to avoid problems that show up in email. Whether it's work email or home email, certain "bad" emails will always get through. If you have a good anti-virus program and a good spam filter, you shouldn't get viruses in your inbox.

But "phishing" is another program. Phishing is pretty much what it sounds like - bad guys are fishing to see who will bite. Here's a great example of a phishing email:

Notice the popup that says "http://s522558593... ." We'll come back to that.

When you get any email that includes links, do not click on anything unless you are 100% sure that it's real. For example, if you receive a regular newsletter, those links are probably safe.

Here are some quick tips for dealing with phishing emails.

First, be suspicious. Phishing emails often look very real. They will frequently have a "scare" tactic to get you to click without thinking. For example, a letter was returned undeliverable. Make sure we have the right address.

Well, wait a minute. Do you even use this product or service? Do you care if a letter went missing? Is this your bank?

Second, never click on the links in an email unless you asked this person to send you this email. If your bank has an urgent message for you, then open a browser and log into your bank. That way you'll know YOU initiated the contact and that it's really your bank. If there's an urgent message for you, it will be there.

If you want to see where the link is really going, float your mouse over it. See the example above. The "link" looks like it's going to, but if you click it will really go to that long link instead. In this case, that link is to a server with a reputation for sending massive amounts of spam email. If you click anything, you verify that your email works and they can sell it again.

I did not click on the link because 1) I don't use CoveredCA, and 2) I floated my mouse over it and the address was different.

But if I had clicked, I bet it's a site that looks very much like the "real" CoveredCA web site. But when you put in your information, if fails. In reality, you have just given the bad guys your username and password!

That's what they're fishing for.

The bad guys convince people to let their guard down. You need to have some hard, fast rules that you never break. And remember that the government will never initiate contact with you. And neither will most large businesses!

And here's a bonus tip: If you receive an email with an attachment, never open the attachment unless you asked that person to send you that email.

In general, click less and slow down. When you go fast, the bad guys can trick you into clicking when you should be deleting!


1 comment: