How to spot a phishing (fake) email

Even if you have security software, phishing is a serious threat, one that can expose you to ransomware. Here's how to avoid these dangerous emails.

Security threats come in all shapes and sizes. You've probably heard of viruses, trojans, keyloggers and, more recently, ransomware. Want to know what they all have in common? They can all be the result of phishing.

The word itself is a homophone; hackers use bait -- usually in the form of a seemingly legitimate file or link -- to "phish" for victims. And because this bait is usually spread via email, it's hard for security software to, er, philter out. That's what makes it so pernicious.

A sad example of a business 'phished'

True story: A couple years back, my brother-in-law's business was breached by ransomware. This horrific code encrypted nearly every data file -- Word documents, Excel spreadsheets and so on -- and literally held them for ransom. If he wanted his data back, the price would be $700.

According to a security pro hired to help, the ransomware got in when one of the owners opened an email attachment marked "My resume" -- a seemingly harmless action, especially given that the company was, in fact, actively hiring.

Phishing can also result in identity theft and even lock you out of your phone. But wait, isn't security software supposed to protect you from such threats? It is, but that's what makes phishing so devious: It arrives as seemingly harmless-looking email and cajoles or frightens you into action -- usually clicking a link or opening a file. And often that's all it takes.

While many people are well acquainted with this practice and know what to look for, I suspect there are plenty of folks who still fall victim. Heck, I consider myself an expert at phishing avoidance, yet I've had occasional momentary lapses that almost got me to click a fraudulent link.

How to spot a fake email

Below I've shared an actual email that shows some telltale signs of phishing fakery. Note that because I'm a PayPal user, the email certainly caught my attention -- at least initially.

1. Like many people, I have several email addresses. But this message came to an address that isn't linked to my PayPal account. What's more, the "To" field is blank, an obvious sign it didn't actually come from PayPal.
2. Bad grammar and spelling are telltale signs of phishing. Big companies hire professional copywriters (and editors) for email communication.
3. My name is missing. The salutation merely reads, "Hello, [blank]." I'm pretty sure PayPal would communicate with me by name.
4. Another strong clue this is a fake: I didn't just sign up for PayPal. Now, you might think, "Oh, no, somebody created a PayPal account in my name!" Again, this is a scare tactic (and a weak one at that) designed to get you to click the inviting blue button. Were you to do so, you'd probably be directed to a site that looks fairly PayPal-like, with a form requesting all kinds of personal info -- including a credit card number. Alternately, you could land at a site that stealth-installs a bunch of spyware and/or viruses.

This was some sloppy phishing. But there are much craftier ones out there, like "your account has been compromised!" or "FedEx has a delivery waiting for you" emails that look indistinguishable from the real thing.
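
Signs 1, 3 and 4 from the list above can also be checked mechanically. The Python below is an added example, not part of the original article: it reads one raw message and reports a blank "To" field, a mailbox that is not the one on the account, a greeting without the account holder's name, and links that leave the company's domain. The sample message, the .example hosts, the function name and its parameters are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse

# Constructed sample (not a real message); the .example hosts are placeholders.
SAMPLE = """\
From: "PayPal" <service@paypal-notice.example>
To:
Subject: You has just sign up for PayPal
Content-Type: text/html

<p>Hello, </p>
<p>Confirm you account or read our <a href="https://www.paypal.com/help">help</a>.</p>
<a href="http://paypal.com.account-check.example/confirm">Confirm now</a>
"""

def phishing_signs(raw, delivered_to, account_email, first_name, brand_domain):
    """Return the tell-tale signs found in one raw single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = []

    # Sign 1: blank "To" field, or a mailbox that is not the one on the account.
    listed = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if not any(addr for _, addr in listed):
        signs.append("blank To field")
    if delivered_to.lower() != account_email.lower():
        signs.append("sent to an address not linked to the account")

    # Sign 3: a greeting that never uses the account holder's name.
    text = re.sub(r"<[^>]+>", " ", body)
    greeting = re.search(r"\b(hello|hi|dear)\b[^\n.!]*", text, re.I)
    if greeting and first_name.lower() not in greeting.group(0).lower():
        signs.append("greeting without my name")

    # Sign 4, the "mouse over" check: every link must stay on the brand's domain.
    for url in re.findall(r'href="([^"]+)"', body, re.I):
        host = (urlparse(url).hostname or "").lower()
        if host != brand_domain and not host.endswith("." + brand_domain):
            signs.append("link leaves " + brand_domain + ": " + host)
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE, "old@mail.example", "me@mail.example", "Alex", "paypal.com"):
        print("-", sign)
```

The second link starts with "paypal.com" yet is flagged, because the host has to end in the company's domain rather than merely contain it.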

Fortunately, it's fairly easy to protect yourself against come-ons like these.

How to avoid getting caught in a phishing net

Always be suspicious. Phishing emails try to freak you out with warnings of stolen information or worse, and then offer an easy fix if you just "click here." (Or the opposite: "You've won a prize! Click here to claim it!") When in doubt, don't click. Instead, open your browser, go to the company's website, then sign in normally to see if there are any signs of strange activity. If you're concerned, change your password.

Check for bad spelling and grammar. Most of the missives that come from outside the US are riddled with spelling mistakes and bad grammar. As I noted earlier, big companies hire professionals to make sure their emails contain perfect prose. If you're looking at one that doesn't, it's almost certainly a fake.

Beef up your browser. An accidental click of a phishing link doesn't have to spell disaster. McAfee SiteAdvisor and Web of Trust are free browser add-ons that will warn you if the site you're about to visit is suspected of malicious activity. They're like traffic cops that stop you before you turn down a dangerous street.

Use your phone. If you're checking email on your phone, it might actually be harder to spot a phishing attempt. You can't "mouse over" a questionable link, and the smaller screen makes you less likely to spot obvious gaffes. Although many phone browsers (and operating systems) are immune from harmful sites and downloads, it's still good to exercise caution when dealing with suspicious links. (Obviously you still shouldn't complete a form that asks for your password or other personal info.) Android users in particular should be aware of the potential risks.

Most of all, rely on common sense. You can't win a contest you didn't enter. Your bank won't contact you using an email address you never registered. Microsoft did not "remotely detect a virus on your PC." Know the warning signs, think before you click, and never, ever give out your password or financial info unless you're properly signed into your account.