We talked earlier this week about ways to detect phishing e-mails and how to deal with them, but I figured I should probably bring you the lighter side of phishing e-mails after scaring the crap out of you. It’s true that phishing e-mails come in all the time, and if you were to fall victim to one it could be devastating for either yourself or the company you work for (assuming they would be able to infiltrate your company’s networks). The savvier the average person becomes about what phishing e-mails look like and how to deal with them, the harder the phishers work to make their e-mails look legit.
It comforts me to know that this is not always the case. I remember a year or so ago I got an e-mail that was so clearly a scam it was laughable. I still use it to this day as an example of how some e-mails are easy to spot from a mile away. While I don’t have the original e-mail (as it can be dangerous to keep those things), it went along the lines of:
“Dear Sir or Madam,
I am a customs agent at LAX and I have discovered a diplomatic pouch with your name, social security number, and address on it. Inside this pouch was $57,000.00 dollars. I would like to make sure that this gets back to you and I think it only fair that I would be able to be compensated for returning this to you.
In exchange for sending this diplomatic pouch back to you, I would be willing to only take 10% of the money. All I need from you is to verify the information that is printed on the bag. If you could send me your full name, Social Security Number, and mailing address I can make sure that this gets to you as soon as possible.
Yours truly,
Steve (Fake name)”
Ok… so FIRST of all I need to stress that I think that NO ONE at the Los Angeles Airport (LAX) actually sent this to me. I also need to stress that the spelling and grammar you just read were much better than what was in the e-mail sent to me. I just wanted to make sure you could read it here… Disclaimers are done? Sweet, let’s get to ripping this apart. If you remember from earlier this week, I had three different ways to detect a possible phishing e-mail. I’ll go through this e-mail with those in mind.
1) You don’t recognize the sender’s e-mail – I had no idea who this person was, and quite frankly the address in the From field was unbelievably hard to read. It wasn’t a standard j-smith@gmail.com type address; it was more like 432jusl–ijsl@mailer.esp.or.com. This made me think that whoever was e-mailing me was trying to hide their identity, and that is obviously not someone I was willing to trust.
2) The sender is asking you to take action on something – “Send me all your information and I’ll give you money” style e-mails are, sadly, the oldest trick in the book. Typically they rely on the fact that the people receiving them will not read them properly, or will not pay attention and just click a link without thinking. In this digital age, this is the equivalent of someone coming up to you with a ski mask and a paper bag and demanding your money. If I’m honest, this is one of the more benign e-mails of this kind that I have ever received. I have gotten e-mails “from the government” (so not actually from the government) demanding that I pay my taxes or I will be sent to prison. To be clear, I contacted the CRA (Canada Revenue Agency, our version of the IRS) and they confirmed that they would never send an e-mail like that.
3) There is a link that looks suspicious – I’ll be honest, there was not a link in this particular e-mail. That’s not to say that it wasn’t suspicious. EVERYTHING else about it was screaming that it was fake. More and more phishing e-mails rely on people not having enough time to sweat the details. If an e-mail looks like it could be from a particular person, it may be passable enough to be taken as coming from that person, even though it’s not.
It’s really important for you to know what phishing e-mails look like and how to avoid them. In a company setting, I certainly hope that you have some form of procedure for what to do if you receive a phishing e-mail. In your personal life, however, it’s important to be ever vigilant about what is and what is not a phishing e-mail. My general rule of thumb is that if you see one that is even slightly suspicious, delete it and remove it from your recycle bin. It will be completely off your system and you will no longer have to worry about some outside force that may or may not be doing any damage.
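The three checks above, sketched as a small Python triage function. This is an added example, not code from the original post: the sample message is constructed from the description above, and `KNOWN_SENDERS`, the keyword patterns and the `triage` name are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the e-mail described above (not the original message).
RAW = """\
From: Steve <432jusl--ijsl@mailer.esp.or.com>
To: me@example.com
Subject: Diplomatic pouch

Dear Sir or Madam,
I am a customs agent at LAX. If you could send me your full name,
Social Security Number, and mailing address I can return the pouch.
"""

KNOWN_SENDERS = {"j-smith@gmail.com"}  # assumption: stands in for your own contact list
SENSITIVE = re.compile(r"social security number|full name|mailing address|password", re.I)
REQUEST = re.compile(r"\b(send me|verify|confirm|pay)\b", re.I)
URL = re.compile(r"https?://([^/\s>]+)", re.I)

def triage(raw, known=KNOWN_SENDERS):
    """Return which of the post's three checks the message trips."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    # Collect plain-text parts only; HTML bodies are out of scope for this sketch.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    hits = []
    # Check 1: the sender is not someone you recognise.
    if sender not in known:
        hits.append("unrecognised sender")
    # Check 2: the message asks you to act AND names sensitive data to hand over.
    if REQUEST.search(body) and SENSITIVE.search(body):
        hits.append("asks for sensitive information")
    # Check 3: a link whose host is unrelated to the sender's own domain.
    for host in URL.findall(body):
        host = host.lower().split(":")[0]
        if not domain or not (host == domain or host.endswith("." + domain)):
            hits.append("link host differs from sender: " + host)
    return hits

if __name__ == "__main__":
    print(triage(RAW))
```

As in the story, the sample trips checks 1 and 2 with no link in it at all. Check 3 on its own is a weak signal, since plenty of legitimate mail links to other sites.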
Have you ever received a phishing email? What did you do?
Let me know in the comments section below.