As we covered in our last post, one of the best ways to avoid falling prey to cybercriminals is to “think before you click” within incoming emails, to avoid reacting to an increasing abundance of phishing scams arriving in your inbox.
Once you’re in the habit of watching for suspicious subject lines before even opening an email, how can you further differentiate legitimate queries from phishing most foul?
BE ON HIGH ALERT WHEN…
Criminal techniques may be new-fangled and ever-evolving, but many of the red flags are timeless. Whether online, in the mail, on the phone or in person, be on extra alert when:
- An offer sounds too good to be true. (E.g., You’ve just won a big prize!)
- A stranger wants to be your friend.
- The email is supposedly from someone you know, but it’s not their usual style.
- Someone claiming to represent a government agency, professional service provider, vendor, police department, charitable organization or other authority contacts you out of the blue, warning you about a risk, asking for personal information, encouraging you to take action, or enticing you with tempting offers.
- Your gut is generally warning you: Something seems off.
GENERAL RULES OF THUMB
Here are a few other helpful ideas to accompany these general rules of thumb:
- Don’t talk to strangers. Remember, most legitimate requests for information or online offers will only arrive in response to a specific query you’ve already made or an e-newsletter you’ve opted into – not by randomly landing in your inbox.
- Before you click, hover. Before you click on anything, you can usually “hover” over or “right-click” on both a hyperlink and a sender’s supposed email address, to view the actual, underlying link or address. The precise technique depends on the device you’re using, but if the underlying link or email address is anything other than EXACTLY what you were expecting, do not click, no matter how legitimate the email may appear to be. Cyberthieves are getting very clever at looking legitimate when they are not.
- Close doesn’t count. Sometimes, a link or address will be so “weird,” it’s obviously bogus. But not always. A malicious link or sender may display an address that is nearly, but not quite the same as a legitimate source, to trick you into trusting them. For example, instead of the sender being [email protected], it may be [email protected]amzon.com or [email protected]biz.
- Take a sniff test. If you sense even a whiff of trouble in an email, don’t click! Your odds of exposing yourself to malware are far higher than the risk you’ll miss out on anything important if you ignore a call to action.
- Go old school. If you do want to respond to what may be a legitimate request, instead of clicking on any links or replying to the email itself, look up the contact information for the legitimate source. Do this via Google, a phone book or a similar independent source. Do NOT use any of the contact information within a suspicious email itself. For example, say you receive a warning from the IRS, or an enticing offer from your bank. Look up the IRS’s or the bank’s phone number through legitimate channels and follow up with them directly.
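The “Before you click, hover” and “Close doesn’t count” checks above can also be automated. The following is an added example, not part of the original post: it compares each link’s visible text with its real destination and flags sender or link domains that nearly match a trusted one. The trusted list, the 0.85 similarity threshold (using Python’s difflib ratio) and the sample message are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this reader really deals with (constructed list).
TRUSTED = ("amazon.com", "irs.gov")

def host_of(text):
    """Lowercase host of a URL or bare domain, without a leading 'www.'."""
    text = text.strip().lower()
    host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    return host[4:] if host.startswith("www.") else host

def lookalike_of(host):
    """Trusted domain that host nearly, but not exactly, matches, else None."""
    dom = ".".join(host.split(".")[-2:])  # simplification: last two labels only
    near = (g for g in TRUSTED if SequenceMatcher(None, dom, g).ratio() >= 0.85)
    return None if dom in TRUSTED else next(near, None)

class Links(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.href, self.text, self.found = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append(("".join(self.text).strip(), self.href))
            self.href = None

def audit(sender, html):
    """Warnings for one message: what hovering would reveal, plus near misses."""
    warnings, hosts = [], [("sender", host_of(sender.rsplit("@", 1)[-1]))]
    parser = Links()
    parser.feed(html)
    for shown, href in parser.found:
        real = host_of(href)
        claimed = host_of(shown) if "." in shown and " " not in shown else ""
        if claimed and claimed != real:
            warnings.append(f"link shows {claimed} but goes to {real}")
        hosts.append(("link", real))
    return warnings + [f"{k} {h} imitates {lookalike_of(h)}" for k, h in hosts if lookalike_of(h)]

# Constructed sample message, not a real email.
SAMPLE = ('<a href="http://login.amzon.com/verify">www.amazon.com/orders</a> '
          '<a href="https://www.amazon.com/help">contact us</a>')
```

Calling `audit("billing@amzon.com", SAMPLE)` returns three warnings: one for the link whose text and destination disagree, and one each for the sender and link domains that sit one letter away from a trusted domain.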
ANTI-VIRUS SOFTWARE + JUNK EMAIL FILTER
Each of your devices should also be equipped with regularly updated anti-virus software and a decent junk mail filter for your email account. That said, as our friends at KnowBe4.com explained to us in a recent (legitimate!) email, “Your email filters have an average 10.5 – 15% failure rate; you need a strong human firewall as your last line of defense.”
So, definitely recruit technology to assist you in filtering out the junk. But keep up your own guard too – at work and at home. With regularity, it may be all that’s standing between you and a cybercrime.