Join Jess Stratton for an in-depth discussion in this video, Avoiding phishing scams, part of Learning Computer Security and Internet Safety (2014).
- Let's go over some common types of phishing emails that you may get so that you'll have the skills to know how to deal with these emails. A phishing email is called that because the email is fishing for your information. They're trying to see what kind of information, or clicks, they can get out of you. So I have three very different types of emails here. Here's the first one, with the subject of Shipment Status, and then it has a number of what looks like a very official sounding shipment status. I'm gonna click on this email to start.
Now this email looks like it's coming from FedEx, and there is a link here to get a shipment label. There's a few things that we need to do to look critically at this email. The first thing that we need to do is see who it's from. Now, I can see that it says it's from FedEx Same Day, however, the email address that it's from doesn't match that of FedEx.com. Secondly, there's a few clues that I can read in here to let me know that something is just not right. The first one is, this is very vague.
There's no return communication on this, and secondly, it's using vague words like "your parcel," without an actual number, and secondly, it uses the word "courier." Now, the courier is FedEx itself, so they should know who they are. So there's a lot of vague information here. I'm not going to click on this link, which most likely will be inviting malicious code into my computer. I'm gonna close out of this one. Let's go back to my inbox and take a look at a second one. This one says Bank of America Alert: ACCOUNT SUSPENDED.
These are very common. Getting an email that says some sort of account that you have is suspended. Now the easiest way to tell if this is fake or not is to know, first of all, if you're getting an account suspended notification for an account that you simply don't have. For example, if I'm not even a Bank of America customer, then right away I could tell that this is a phishing email. But things get a little more tricky when it's actually an account that you have. So right away I'm looking at the From, it's from Bank of America Alert, and the email address that goes with it matches.
So I need to do some more critical sleuthing to try and figure out what's going on with this email. So it's a very official sounding email, that's telling me that my account needs to be updated. There's a link here where I can sign in and update my information, and there's also a very official looking note at the bottom telling me how secure the site is. There's a few things here. I can tell right away that this is probably fake because the grammar of the sentence is very poor. You'll notice that it says "It has come to our attention that your account has not been updated to the latest terms and conditions set" and there's a space in between the period.
And it does sound like it could be a little bit of a broken sentence. However if you're still not sure, and you're worried, and you'd like to check your account, just to make sure everything's okay, there is something that you can always do to be confident that your accounts are safe. And that is to never click on the link in the email itself. Always open up a new browser window and access your online banking account that way. And you can do the same thing with any account, for example, it's also very common to get these types of notifications about accounts like eBay.
So in that case, open a new browser window and log on to your eBay account, or your PayPal account. If everything looks okay, then it is okay, and you can delete this email, or forward it to an auto spam service. Let's go back and look at this last email. This email says "You've been Accepted by Who's Who." If I click on this email, it's telling me that I have been accepted into a professional community network called Who's Who. It looks like it's well written, there's a link here, but it also looks like it apparently comes from an actual person.
Now I'm including this one because sometimes you'll get an email that very well may be a legitimate business opportunity. And you need to know how to look critically at these so you're not missing an actual real opportunity. In this case, if you're really not sure if it's real or not, you can simply Google it. So here's an address called Global Who's Who, and a partial red flag might be the fact that this is coming from email@example.com. Now I'm not sure what that's all about, but I'm going to let that slide for a minute and Google everything else.
Now I could choose what I want to Google, in this case, I'll Google Global Who's Who and John D'Agostino, who apparently the email has come from. So let's open a new window, Global Who's Who, John D'Agostino. So right away, I can see an email called Scam Target. I can see a Global Directory of Who's Who Complaints Board, and not a whole lot about who John D'Agostino is. So in this case, I can look, here's another scam one, and do a quick search and critically go over the search results to make my own decisions about whether I feel like this is a legitimate opportunity or not.
In this case, I have seen enough to know that this is most likely not a real business opportunity, so I'm going to go ahead and delete it. So these are some strategies to check your emails very critically, so that you don't fall victim to these types of scams. These are called 419 scams. There's other ones too, that involve a fraudulent email in which you'll be promised a significant amount of money after you provide a portion of it upfront. You may have heard the term Nigerian scam, although it certainly doesn't have to originate from Nigeria.
There's many instances of these emails originating from all over the world. To look critically at them, you need to go over things like who the email is from, what the actual email address is, do these things match, and look at the email very closely. Look for punctuation errors, spelling errors, grammatical errors, things that just make the email seem off. If it seems off, it probably is. And finally, don't ever click on a link directly in the email if you really want to go check and make sure your account's okay.
Always open up a new window and access it using the site that you know and that you always get to that site from.
- Installing updates
- Using antivirus software and protecting against viruses
- Enabling Windows Firewall
- Using password-management software
- Encrypting files that contain sensitive data
- Securing your router and protecting the SSID
- Understanding the signs of a secure website
- Checking settings for Internet Explorer, Firefox, Chrome, and Safari
- Unsubscribing from email subscriptions
- Reviewing site privacy settings
- Browsing on a public computer
- Understanding cookies
- Protecting other people's names and locations
- Fact-checking email warnings