IT Security Tip #2: How to spot a phishing e-mail
A “phishing” e-mail is a bogus e-mail that is carefully designed to look like a legitimate request from a site or someone you trust in order to trick you into doing something that benefits the sender. It could be to get your login credentials to a particular site (which, if you’re like most people, you re-use on all your other sites too!), to trick you into opening an attachment that infects your computer (even if you can’t see it being infected immediately), or to convince you to call the bad guy (who’s acting like someone you trust). In short, they’re tricking you into doing something you wouldn’t otherwise do.
Often these e-mails look 100% legitimate and nearly always show up with an attachment of some kind. The email could appear to be from UPS or FedEx saying you have a package and the attachment has the tracking number. It could be from some company you actually work with saying you have an unpaid invoice…“see attached.” It could be a Facebook or local bank notification (“…you’re overdrawn, see attached for details…”). That’s what makes these so dangerous – they LOOK exactly like a legitimate e-mail, probably from someone you know or as part of a routine business process you deal with every day (like UPS packages!). So how can you tell a phishing e-mail from a legitimate one? Here are a few tell-tale signs…
First, hover over, DON’T CLICK, a link in the email to see the ACTUAL website you’ll be directed to if you were to click it. If it looks fishy, don’t click it. If the link you can see before hovering looks like a website address (called a “URL”), and the one you see when hovering doesn’t match it, definitely DON’T click it! If you’re just not sure but need to know, avoid clicking and type the address directly into a browser instead of trusting the link.
If there’s a mismatched or suspicious URL, delete the e-mail immediately. Another tell-tale sign is poor grammar and spelling errors. Another warning sign is that the e-mail is asking you to “verify” or “validate” your login or asking for personal information. Why would your bank need you to verify your account number? They should already have that information. And finally, if the offer seems too good to be true, it probably is.
In closing, if the offer seems too good to be true, it is. If you don’t normally get package notifications (even if you get packages all the time), ignore it. If it’s from someone you know, call them or email them directly (don’t reply) and ask if they sent this. Don’t trust what you get at face value…the criminals behind all of this stuff are relying on you to do just that.
If you need us, call or email us!