Last year I did a couple of posts on Tips to Avoid Getting Phished. While technically I’ve covered this subject, I always feel that something important is worth going back to. Phishing e-mails are e-mails in which someone tries to gain access to your account so that they can (amongst other things) steal your identity. In my working life, I deal with phishing e-mails (or rather suspected phishing e-mails) on an alarmingly regular basis. The people in my office are really good about talking to me if they think that an e-mail they received could possibly be a phishing attempt.
There are many ways to figure out if an e-mail is a phishing attempt.
1) The sender’s e-mail address isn’t one you recognize – There is enough law in place now that the only sales e-mails you should be getting are the ones that you’ve signed up for. That being said, there are still ways that people can fake someone’s e-mail address. Because of modern convenience, we have made it so that when you enter a person’s e-mail address in an e-mail you don’t see their address; you typically see their name. This can also be detrimental, because phishers could fake (or spoof) someone’s e-mail by showing that person’s name while using their own e-mail address instead. You may have a good friend named Adam Jenkins (as an example) whose e-mail is ajenkins92@gmail.com, but you get an e-mail where the address line says Adam Jenkins (adam2342245@seemenow.com). This is someone pretending to be your friend and very likely someone who is trying to gain access to your account.
2) The e-mail is asking you to take action on something – I can’t tell you how many e-mails I get saying things like “SAVE 20% ON OUR PRODUCT!!!!” For the most part, these are innocent sales e-mails that I have signed up for. I do, however, also get e-mails from people who are trying to scam my information out of me. I came across a funny one a few years back and I’ll tell you about it on Thursday. On the flip side, there are some malicious e-mails that pretend to be from legit organizations. The one that I have seen far too many of most recently is “Microsoft” e-mailing people that they have run out of space on their OneDrives and they need to upgrade their accounts. I’ve also seen e-mails from tax collectors which threaten to send the police after me if I don’t click on their link and pay my taxes through them, which of course wasn’t true. When e-mails are threatening you, it’s because they want to scare you into action. These people figure that if they throw around super scary words like prison or lawsuit, you, the receiver of this e-mail, would be willing to do anything to get out of it. Online, if someone is trying to scare you, it’s because they can’t do anything until you take action.
3) There is a link you have to click which looks suspicious – Some links in phishing e-mails are quite sophisticated. They can be very legitimate-looking “click here” buttons. Some, however, are MUCH easier to spot. Some phishers simply put a complicated URL into the body of their e-mails. Some people fall for this, and it’s important to be vigilant and not click links that look suspicious. Unfortunately, there is no formula for what should look suspicious and what shouldn’t. It’s really up to you, the person who received the e-mail, to make sure that you don’t click anything that looks off.
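The check from point 1, a familiar name shown on top of an unfamiliar address, can be automated when you have a list of contacts you trust. The Python below is an added example, not part of the original post; the address book and sample messages are constructed, and `check_sender` and `triage` are hypothetical helper names.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name (lower case) -> address you know.
KNOWN_CONTACTS = {"adam jenkins": "ajenkins92@gmail.com"}

# Constructed sample messages; only the From header matters here.
SAMPLE_MESSAGES = [
    "From: Adam Jenkins <ajenkins92@gmail.com>\nSubject: Lunch?\n\nHi",
    'From: "Adam  JENKINS" <adam2342245@seemenow.com>\nSubject: Urgent\n\nHi',
    "From: Some Shop <news@shop.example>\nSubject: SAVE 20%\n\nHi",
    "Subject: no sender at all\n\nHi",
]


def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Compare the display name and the real address in the From header."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.strip().lower()
    # Normalise case and repeated spaces so "Adam  JENKINS" still matches.
    name_key = " ".join(name.lower().split())

    if not addr:
        return "no-sender"
    expected = contacts.get(name_key)
    if expected is None:
        # Name is not in the address book, so there is nothing to compare.
        return "unknown-sender"
    if addr != expected.lower():
        # A familiar name shown on top of an unfamiliar address.
        return "display-name-mismatch"
    # A match only means the header is consistent; the address itself can
    # still be spoofed, so a phone call remains the real verification.
    return "name-and-address-match"


def triage(messages):
    """Return one verdict per raw message, in order."""
    return [check_sender(m) for m in messages]


if __name__ == "__main__":
    for raw, verdict in zip(SAMPLE_MESSAGES, triage(SAMPLE_MESSAGES)):
        print(verdict, "<-", raw.splitlines()[0])
```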
For sure the phishers are out there, and we can’t stop their e-mails from coming in, at least not completely. Luckily, there are a few things that we can easily do to protect ourselves.
1) Don’t click the link – I can’t tell you enough how important not clicking the link on a phishing e-mail is. You wouldn’t let a suspicious-looking person into your house, and those you know how to spot from a mile away. The same is true of phishing e-mails. If you think that the e-mail is suspicious or the link is suspicious, then don’t click the link. Hackers and phishers have a hard time breaking into your system if you don’t let them, but if you click that link and let them in, there is no telling what kind of damage they could do.
2) Verify that the person actually sent the e-mail – In the Adam Jenkins example I gave above, the easiest way to deal with this is to verify that the person actually sent the e-mail. I used to advise people to just e-mail the person’s proper e-mail address and say “Was this you?” but then the hackers started spoofing people’s actual e-mail addresses. The effect was that if you e-mailed a person to validate, the hacker would respond, which was not helpful. What I recommend now is that if you receive an e-mail from someone, pick up the phone and actually talk to the person. There is nothing like a live conversation to clear up an issue as to who is trying to contact you.
3) Delete it and remove it from your recycle bin – Deleting a phishing e-mail is good; removing it from your recycle bin is better. I put up a post about 3 reasons for emptying your digital trash, but the one that I didn’t give in that article that is relevant here is that even in your trash, phishing e-mails can still do damage. Your recycle bin is still on your system, and if there was a virus e-mailed to you as an attachment it can still do damage. It’s better to remove any malicious e-mails entirely from your system than to chance that they could do harm in your recycle bin.
Phishing e-mails happen. There’s very little we can do to stop all of them from being sent. I read an article a couple of weeks ago saying that despite the best filters and anti-virus scanners, about 10-15% of phishing e-mails will still squeeze through. It’s up to us to be able to recognize the phishing e-mails for what they are and remove them from our systems. You can’t stop other people from sending you phishing e-mails, but what happens to you once you get that e-mail is entirely up to you.
What do you do with your phishing e-mails?