Tech Corner: July 2023
Topic: Tips for Detecting Phishing and Spoofing Emails
Most of you reading this article have been a target of a phishing or spoofing attack, whether you know it or not. The purpose of this tech corner is to provide a better education into what these types of emails are, what their intended purpose is, and how to better spot an email of this nature in the future.
Email Spoofing is the creation of an email message with a forged sender address with the intended purpose of trying to legitimize the email appearance and take your guard down in worrying about the actual sender.
Email Phishing typically accompanies these fake emails with a call to action for the recipient to click on a link or download a file. The intention is to get your logon details, sensitive information, or inject a malware (virus) onto your machine for continued attacks.
Phishing emails may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.
Here are some tips to help spot these types of emails:
- Legit companies don’t request sensitive information through email
- No respectable organization is going to email and ask you for your personal information and in the same respect, be careful and more savvy than to give anyone that information. Just as you would not give a stranger caller on the phone your personal data, don’t give it to someone in a strange email.
- Legit companies usually address you properly by name
- Many phishing emails don’t actually have your details and that’s why they are searching for more data. Be on the lookout for awkward salutations and non-customary introductions. Often these emails are prepared and sent from overseas and don’t use traditional or common grammar.
- Legit companies use real email domain addresses
- Always take care of highlighting or moving your mouse cursor over the sender’s email address. Often types they label themselves as the company sending the email, but their actual email address is bogus. Keep an eye on this, it’s an easy way to spot a fake.
- Professional organizations typically know how to spell and use proper grammar
- As mentioned above, many of these phishing emails are prepared overseas where English is not their first language. Many spelling errors, grammar errors, sentences that don’t make sense, phrases that might be more ‘slang’ than proper email etiquette. Sometimes just reading a few words of the email can help you spot a scam.
- Legit companies don’t try and force you to a link or website
- Most professional companies explain in the email what the issue is or advise you to go to their site for further information. They don’t send you (or shouldn’t) a vague email requiring you to ‘click here’ or ‘sign in’ to read the rest.
- Move your mouse cursor over a link (hovering) to have your system show you the intended destination of that link. Be cautious of EVERY email link you receive these days and understand where that link is sending you.
Remember that in the world of technology, there really is no such thing as being “too cautious” when it comes to what emails or website links are asking you to do. Anytime you feel un-easy about something, go to that vendor website directly (rather than using the link) or contact the company on their proper number (not just the number within the email).
Hopefully by the end of this month’s tech corner, you have a better glimpse into the world of email spoofing and phishing and are able to better spot some of these attempts as they come through. Be careful, be safe, and be aware!