Skip to main content

How to spot a phishing(fake) email

Even if you have security software, phishing is a serious threat, one that can expose you to ransomware. Here's how to avoid these dangerous emails. Security threats come in all shapes and sizes. You've probably heard of viruses, trojans, keyloggers and, more recently, ransomware. Want to know what they all have in common? They can all be the result of phishing.

The word itself is a homophone; hackers use bait -- usually in the form of a seemingly legitimate file or link -- to "phish" for victims. And because this bait is usually spread via email, it's hard for security software to, er, philter out. That's what makes it so pernicious.

A sad example of a business 'phished'

True story: A couple years back, my brother-in-law's business was breached by ransomware. This horrific code encrypted nearly every data file -- Word documents, Excel spreadsheets and so on -- and literally held them for ransom. If he wanted his data back, the price would be $700.

According to a security pro hired to help, the ransomware got in when one of the owners opened an email attachment marked "My resume" -- a seemingly harmless action, especially given that the company was, in fact, actively hiring.

Phishing can also result in identity theft and even lock you out of your phone. But wait, isn't security software supposed to protect you from such threats? It is, but that's what makes phishing so devious: It arrives as seemingly harmless-looking email and cajoles or frightens you into action -- usually clicking a link or opening a file. And often that's all it takes.

While many people are well acquainted with this practice and know what to look for, I suspect there are plenty of folks who still fall victim. Heck, I consider myself an expert at phishing avoidance, yet I've had occasional momentary lapses that almost got me to click a fraudulent link.

How to spot a fake email

Below I've shared an actual email that shows some telltale signs of phishing fakery. Note that because I'm a PayPal user, the email certainly caught my attention -- at least initially.
1. Like many people, I have several email addresses. But this message came to an address that isn't linked to my PayPal account. What's more, the "To" field is blank, an obvious sign it didn't actually come from PayPal.
2. Bad grammar and spelling are telltale signs of phishing. Big companies hire professional copywriters (and editors) for email communication.
3. My name is missing. The salutation merely reads, "Hello, [blank]." I'm pretty sure PayPal would communicate with me by name.
4. Another strong clue this is a fake: I didn't just sign up for PayPal. Now, you might think, "Oh, no, somebody created a PayPal account in my name!" Again, this is a scare tactic (and a weak one at that) designed to get you to click the inviting blue button. Were you to do so, you'd probably be directed to a site that looks fairly PayPal-like, with a form requesting all kinds of personal info -- including a credit card number. Alternately, you could land at a site that stealth-installs a bunch of spyware and/or viruses.
This was some sloppy phishing. But there are much craftier ones out there, like "your account has been compromised!" or "FedEx has a delivery waiting for you" emails that look indistinguishable from the real thing.

Fortunately, it's fairly easy to protect yourself against come-ons like these.

How to avoid getting caught in a phishing net

Always be suspicious. Phishing emails try to freak you out with warnings of stolen information or worse, and then offer an easy fix if you just "click here." (Or the opposite: "You've won a prize! Click here to claim it!") When in doubt, don't click. Instead, open your browser, go to the company's website, then sign in normally to see if there are any signs of strange activity. If you're concerned, change your password.

Check for bad spelling and grammar. Most of the missives that come from outside the US are riddled with spelling mistakes and bad grammar. As I noted earlier, big companies hire professionals to make sure their emails contain perfect prose. If you're looking at one that doesn't, it's almost certainly a fake.

Beef up your browser. An accidental click of a phishing link doesn't have to spell disaster. McAfee SiteAdvisor and Web of Trust are free browser add-ons that will warn you if the site you're about to visit is suspected of malicious activity. They're like traffic cops that stop you before you turn down a dangerous street.
Use your phone. If you're checking email on your phone, it might actually be harder to spot a phishing attempt. You can't "mouse over" a questionable link, and the smaller screen makes you less likely to spot obvious gaffes. Although many phone browsers (and operating systems) are immune from harmful sites and downloads, it's still good to exercise caution when dealing with suspicious links. (Obviously you still shouldn't complete a form that asks for your password or other personal info.) Android users in particular should be aware of the potential risks.

Most of all, rely on common sense. You can't win a contest you didn't enter. Your bank won't contact you using an email address you never registered. Microsoft did not "remotely detect a virus on your PC." Know the warning signs, think before you click, and never, ever give out your password or financial info unless you're properly signed into your account.


Comments

Popular posts from this blog

Check NYSC Senate Approved List of All Institutions for the 2017 Batch ‘B’

National Youth Service Corps, NYSC senate list is out. The portal for verifying the senate approved mobilization list (2017 Batch ‘B’) of various institutions in Nigeria is live.
This is to inform all prospective corps members (2017 Batch ‘B’) that they can now check the senate approved mobilization list of their various institutions on the National Youth Service Corps (NYSC) portal for free.
See also: NYSC Batch ‘B’ Mobilization Exercise Timetable – 2017
HOW TO CHECK NYSC SENATE APPROVED LIST. 1. Go to NYSC senate list portal at https://portal.nysc.org.ng/nysc2/VerifySenateLists.aspx 2. Select your Institution. 3. Supply your Matriculation Number and Surname in the required columns. 4. Select your date of birth. Finally, click the ‘SEARCH’ button to access your mobilization status.

Scary News About Your Cellphone

File photo

The war rages on about the safety of cell phones.  One side argues there’s either nothing to fear, while the other warns that your phone is causes grave harm when it comes into close contact with your body. Citing the views of other experts Dr Joseph Mercola tries to show where the real truth lies.

The year 2014 marked the first time in history that there were officially more mobile devices than people in the world – approximately 7.2 billion.

Although significantly lower, the number of cell phone users is forecast to reach 4.77 billion by the year 2017.

That’s a lot of cell phones and cell phone users. But what’s even more fascinating about all these mobile devices is the behaviour that surrounds them: The average cellphone owner checks their phone 110 times a day, or about nine times each hour; and 46 percent of smartphone owners say “they couldn’t live without” their phones

Cell Phone Safety

Most…

Nigerian Navy commences recruitment of graduates

The Nigerian Navy has commenced the process for the recruitment of suitably qualified Nigerian graduates through the Nigerian Navy Direct Short Service Commission (DSSC) Course 25.
The guidelines for the enlistment can be accessed on the Nigerian Navy Enlistment Portal http://www.joinnigeriannavy.com/ which will be opened on October 11 for interested candidates to apply online.
Interested applicants, who must be Nigerians by birth, should possess a minimum of Second Class Upper Division for first degree holders and Upper Credit for HND holders. Male applicants must not be less than 1.68 metres tall while female applicants must not be less than 1.65 metres in height. Applicants should be between 22 and 28 years by 31 January 2018, except for Imams and Chaplains who should not exceed 30 years by January 31, 2017.