If you’ve been on the Internet over the past decade, you’ve likely been on the receiving end of at least one phishing email. Phishing is when a hacker tries to disguise themselves as a trustworthy source in order to obtain sensitive information from you, be it your social security number, credit card number, usernames, passwords or other personal information. Every day, as hackers become more and more sophisticated, people fall victim to these scams. Here are four tips you can use to spot and avoid a phishing scam.
1. Check the sender’s email address. If you receive an email from ABC Company, you should expect the sender’s email address to use the same domain as the company’s website. For example, let’s say you receive an email from ABC Company, and you know ABC Company owns www.abccompany.com. If the sender’s email address is on a Yahoo domain instead, it is likely a fake. That said, it is also possible for hackers to spoof an email address to make it look legitimate. If you’ve never had contact with the person emailing you before, you should always be cautious. As a general rule, unless an email is digitally signed, it is possible it was spoofed. A digitally signed email carries a signature unique to the sender’s certificate, along with the public key the recipient uses to verify that the sender is not an imposter.
2. Always be suspicious of emails with generic greetings. Hackers send thousands of phishing emails in the hopes they’ll get a few fish to take the bait. They don’t always have the time, or likely the knowledge, to personalize each individual email and often send in large batches with generic greetings. As such, always be cautious with opening any email which starts with a generic greeting like “Dear Customer” or “Dear Friend”.
3. Always be suspicious of any email requesting “urgent” personal or financial information from you or your company. If you receive an email with words and phrases like “Urgent” or “Action Required”, make sure you are diligent in checking its legitimacy. Be sure to check the sender’s email address if you receive this type of email. If the email is from a government agency (has a .gov email address) such as the IRS, it is likely a phishing scam. In our experience, no government agency, especially with their initial contact, will request your personal information via email.
4. Avoid clicking on any links in the email. Hackers may include links in the email taking you to fake websites to try and get information from you. The fake website may look like a real business website, or a website for a legitimate company, but the URL will be slightly different. For example, paypal.com is a real site, but www.paypal.somebusiness.com may be a phishing site. Hackers also tend to mix in links to real websites along with links to fake phishing sites for a more sophisticated attack. As such, it is best to manually type in the URL or use a search engine to try and find the real link.
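The domain checks from tips 1 and 4 can be automated. The following is an added example, not part of the original article: the function names, the local parts of the addresses and the sample message are constructed for illustration, and the check only compares domain suffixes, so it does not catch look-alike spellings of a domain.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_in_domain(host, domain):
    """True only if host is the expected domain or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def sender_matches(from_header, domain):
    """Tip 1: compare the address, not the display name, with the domain."""
    _, addr = parseaddr(from_header)
    return host_in_domain(addr.rpartition("@")[2], domain)

class HrefCollector(HTMLParser):
    """Collect the href of every <a> tag; the visible link text is ignored."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def off_domain_links(html_body, domain):
    """Tip 4: return links whose real hostname is outside the domain."""
    parser = HrefCollector()
    parser.feed(html_body)
    return [u for u in parser.hrefs
            if not host_in_domain(urlsplit(u).hostname, domain)]

# Constructed sample (not a real message): display name imitates the brand,
# and a genuine link is mixed in with two look-alike links.
SAMPLE_FROM = '"service@paypal.com" <alerts@somebusiness.com>'
SAMPLE_BODY = """
<a href="https://www.paypal.com/help">Help center</a>
<a href="https://www.paypal.somebusiness.com/signin">https://www.paypal.com/signin</a>
<a href="https://paypal.com@somebusiness.com/verify">Verify account</a>
"""

if __name__ == "__main__":
    print("sender matches paypal.com:", sender_matches(SAMPLE_FROM, "paypal.com"))
    for url in off_domain_links(SAMPLE_BODY, "paypal.com"):
        print("off-domain link:", url)
```

A matching sender domain is still not proof of origin, since the address itself can be spoofed unless the message is digitally signed.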
Hackers are getting more and more sophisticated each day. Always keep your guard up when opening strange emails and going to new websites. Be sure to keep these tips in mind when you open your inbox to avoid being reeled in to a phishing scam.
As a senior in BlumShapiro’s Technology Consulting Group, Matt has over 7 years of experience with Microsoft .NET software application development, including solutions for web, client/server and mobile platforms.
Matt’s past experience includes freelance web development, and running his own business in web application design and development. Matt joined BlumShapiro in 2012 as a staff consultant, and won the Rookie of the Year award his first year at BlumShapiro.