Skill Level Beginner
- [Jess] My name is Jess Stratton, and taking this first step to learn how to recognize an attempt to access your data already puts you ahead. I'm going to show you how to evaluate suspicious-looking emails critically so you can protect your computer from malicious ransomware attacks. Let's go over some common types of phishing emails that you may get so that you'll have the skills to know how to deal with these emails. A phishing email is called that because the email is fishing for your information. They're trying to see what kind of information or clicks they can get out of you.
So I have three very different types of emails here. Here's the first one, with the subject of shipment status and then it has a number of what looks like a very official-sounding shipment status. I'm going to click on this email to start. Now this email looks like it's coming from FedEx, and there is a link here to get a shipment label. There's a few things that we need to do to look critically at this email. The first thing we need to do is see who it's from. Now, I can see that it says that it's from FedEx SameDay; however, the email address that it's from doesn't match that of FedEx.com.
Secondly, there's a few clues that I can read in here to let me know that something is just not right. The first one is this is very vague. There's no return communication on this; and, secondly, it's using vague words like "your parcel" without an actual number. And secondly, it uses the word "courier." Now the courier is FedEx itself and so they should know who they are. So there's a lot of vague information here. I'm not going to click on this link, which most likely will be inviting malicious code into my computer.
I'm going to close out of this one. Let's go back to my inbox and take a look at a second one. This one says Bank of America alert account suspended. These are very common, getting an email that says some sort of an account that you have is suspended. Now the easiest way to tell if this is fake or not is to know, first of all, if you're getting an account suspended notification for an account that you simply don't have. For example, if I'm not even a Bank of America customer, then right away I could tell that this is a phishing email; but things get a little more tricky when it's actually an account that you have.
So right away I'm looking at the from. It's from Bank of America Alert, and the email address that goes with it matches. So I need to do some more critical sleuthing to try to figure out what's going on with this email. So it's a very official-sounding email that's telling me that my account needs to be updated. There's a link here where I can sign in and update my information, and there's also a very official-looking note at the bottom telling me how secure the site is. There's a few things here.
I can tell right away that this is probably fake because the grammar of the sentence is very poor. You'll notice that it says, "it has come to our attention that your account has not been updated to the latest terms and conditions set," and there's a space in between the period; and it does sound like it could be a little bit of a broken sentence. However, if you're still not sure and you're worried and you'd like to check your account just to make sure everything's okay, there is something that you can always do to be confident that your accounts are safe; and that is to never click on the link in the email itself.
Always open up a new browser window and access your online banking account that way. And you can do the same thing with any account. For example, it's also very common to get these types of notifications about accounts like eBay. So in that case, open a new browser window and log on to your eBay account or your PayPal account. If everything looks okay, then it is okay; and you can delete this email or forward it to an auto spam service. Let's go back and look at this last email.
This email says you've been accepted by who's who. If I click on this email, it's telling me that I've been accepted into a professional community network called Who's Who that looks like it's well written. There's a link here, but it also looks like it apparently comes from an actual person. Now I'm including this one because sometimes you'll get an email that very well may be a legitimate business opportunity, and you need to know how to look critically at these so you're not missing an actual real opportunity.
In this case, if you're really not sure if it's real or not, you can simply Google it. So here's an address called Global Who's Who, and a partial red flag might be the fact that this is coming from firstname.lastname@example.org. Now I'm not sure what that's all about, but I'm going to let that slide for a minute and Google everything else. Now I could choose what I want to Google. In this case, I'll Google Global Who's Who and John D'Agostino, who apparently the email has come from. So let's open a new window, global who's who, John D'Agostino.
So right away I can see an email called Scam Target. I can see a Global Directory of Who's Who Complaints Board and not a whole lot about who John D'Agostino is. So in this case, I can look, here's another scam one, and do a quick search and critically go over the search results to make my own decisions about whether I feel like this is a legitimate opportunity or not. In this case, I have seen enough to know that this is most likely not a real business opportunity; so I'm going to go ahead and delete it.
So these are some strategies to check your emails very critically so that you don't fall victim to these types of scams. These are called 419 scams. There's other ones, too, that involve a fraudulent email in which you'll be promised a significant amount of money after you provide a portion of it up front. You may have heard the term Nigerian scam, although it certainly doesn't have to originate from Nigeria. There's many instances of these emails originating from all over the world. To look critically at them, you need to go over things like who the email is from, what the actual email address is, do these things match, and look at the email very closely.
Look for punctuation errors, spelling errors, grammatical errors, things that just make the email seem off. If it seems off, it probably is; and, finally, don't ever click on a link directly in the email. If you really want to go check and make sure your account's okay, always open up a new window and access it using the site that you know and that you always get to that site from. By following these guidelines, along with trusting your instincts, you're well on your way to reducing the chance that you'll be a victim to a malicious or ransomware attack on your computer.
If you have any questions or comments, you can find me on Twitter @NerdGirlJess.