From the course: Security Tips
Recognize phishing emails
- [Instructor] Phishing emails are messages that are designed to try to get people to share their personal information without realizing it. In many cases, the goal of phishing is to try to steal someone's identity, to access their financial information to steal money or to use their information to access a restricted system. There are a few different kinds of junk email out there, and it's important to know the difference between them. The sort of email that floods inboxes, or nowadays, floods spam boxes, trying to sell dodgy products with weird formatting and spelling is generally just called spam. Phishing attempts are usually a little better looking than this, though not always. Most phishing attempts make an effort to look somehow official, like they're from a bank, or a payment site or an email site, or some other kind of social or personal information site. In many cases, phishing attempts will emulate big brands, in order to trick people into clicking through to a fake website and giving it their real credentials. It's very common for phishing emails to pretend to be a Gmail password reset, or some other kind of notification like a shared document. Many people's Google account is a central piece of their online and offline security model, so a compromised Gmail account is very valuable to an attacker. The same is true for Yahoo!, Microsoft and other large email providers. Sometimes phishing attempts look like invoices, requests for authorization to deliver a package, and other common business activities. It's also common for phishing attempts to pretend to be a notification from a payment site, or bank in the hopes of capturing someone's financial login information in order to steal money. And sometimes phishing attempts pose as fake confirmations that you have signed up for dating sites and other personal ad sites. Or notifications about social media activity. 
In some cases, phishing emails can look sloppy and a little bit off, but others look exactly like the genuine messages that they're impersonating. And some legitimate emails can have that spammy look about them, if certain elements don't show up correctly or if the designer was having an off day. So you can't go by appearance alone, to determine whether an email is a phishing attempt. Other types of phishing you'll see are much less sophisticated, including emails with just a link, or simply asking you to reply to them with personal information. Often, these attempts say something like that you've won a lottery, or you're due an inheritance, and you need to provide a birthdate, bank account number or other information like a mailing address to receive it. For a lot of people, this kind of phishing doesn't pass the smell test, but it keeps happening so someone must be falling for it. Even just opening a message or clicking on the link in a phishing email, can indicate to a phisher that there's someone behind the email account that's likely to click on links, so you should avoid clicking on anything in a message until you determine whether it's fake. Figuring out whether an email is a phishing attempt involves a few different approaches. First, it's important to ask yourself, whether you're expecting an email similar to it. If you get a request for a password reset or something did you recently request it? Were you expecting a message from your bank, or a package from a shipping service? If so, an email is probably legitimate, but it doesn't hurt to still be skeptical. If the message came to your inbox unexpectedly, it's time to be a little bit more suspicious. Generally a safe way to check if a message is legitimate, is to separately log in to whatever account is associated with the service or company that a message is from. 
If it's a message that says it's from our bank, open up a web browser, type in your bank's web address, log in there and see if you have a notification. Generally speaking that should give you your answer. And, if an email instructs you to call a phone number for some reason, look to see if that phone number appears on the web site for the organization the email says it's from. Something else to consider is the general tone of a message. When businesses send out automated emails, or messages about accounts, those messages have typically undergone some copy editing to make sure that the language used is correct and matches the brand's style. In many cases, you'll see unprofessional grammar, misuse of terms and improper capitalization in other good-looking phishing emails. I can't speak to this in other languages, but I've definitely noticed it in English. Some phishing attempts can also sound overly formal, rushed or somewhat rude, in relation to what the message is asking for. Be sure to look at the sender too. Most organizations will send messages from a branded email address, not a personal address. And a lot of phishing messages have mismatched or otherwise odd-looking sender names, or addresses. It's easy to spoof or fake a sender's address though. You can also dig into the message a little bit, to see if things are what they seem. If you're pretty technically inclined, it's interesting to read through the email headers, and trace its path through the internet. And you can use other tools available in your email client, to check out a message. Some email clients will show you the address of a link in an email by hovering your mouse over it without clicking. Usually a link or button should go to a page hosted on the domain of whoever sent the message. So, if you get a message from Google, for example, to share a document, whatever the link you're intended to click on should go to Google, and the link should look clean. What does that mean?
Well, it's a little hard to describe. Basically you want to make sure the domain part of the URL is actually the domain you expect it to be. Not one that only kind of looks right. Or one that actually goes somewhere different. Some phishers will register domains, or sub-domains, that look like the site they're impersonating, so look closely at that if you're at all suspicious. And the last thing to consider is somewhat unquantifiable. It's the gut check. The smell test, or the vibe. If you have any doubt, pause and investigate. Ask a co-worker, a friend or a family member to take a look and see what they think. But hold off on clicking any links in the email. That's how they get you.
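
The domain check described in the transcript above, as an added Python example that is not part of the course: it pulls each link out of an HTML message body and flags any whose host is not the expected domain or a subdomain of it, or whose visible text shows a different host. The names `check_links` and `on_domain`, the `example.com` brand and the sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_domain(host, expected):
    """True only if host is the expected domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def check_links(html, expected):
    """Return {href: [reasons]} for links that do not clearly go to `expected`."""
    parser, findings = LinkCollector(), {}
    parser.feed(html)
    for href, text in parser.links:
        parts = urlsplit(href)
        host, reasons = parts.hostname or "", []
        if not on_domain(host, expected):
            reasons.append("host is not on " + expected)
        if "@" in parts.netloc:
            reasons.append("userinfo before '@' hides the real host")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode label (possible lookalike characters)")
        if text.startswith(("http://", "https://")) and urlsplit(text).hostname != host:
            reasons.append("visible text shows a different host than the link")
        if reasons:
            findings[href] = reasons
    return findings

# Constructed sample body; example.com stands in for the impersonated brand.
SAMPLE = """
<a href="https://docs.example.com/d/1">Open document</a>
<a href="https://example.com.login-check.test/reset">Reset password</a>
<a href="https://example.com@203.0.113.7/a">View invoice</a>
<a href="https://accounts.example.test/x">https://accounts.example.com/x</a>
"""
```

Calling `check_links(SAMPLE, "example.com")` leaves the first link alone and reports the other three. The comparison is a plain suffix match on the host, so it needs the exact domain you expect and does no public-suffix lookup.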