Can You Identify an Email Scam?
As the number of spam and phishing emails continues to rise, it is increasingly valuable for you and your staff to be trained to recognize a scam when you see one.
Take the phishing quiz: Intel and CBS News Phishing Security Quiz. It’s a great resource for discovering if you and/or your staff can identify email scams and phishing emails.
Here Are 8 Tips to Identify Phishing and Scam Emails:
1. Hover Over the From Address
One of the easiest ways to tell whether an email is legitimate is to hover your mouse arrow over the name in the “from” section of the email. By doing this, you will be able to tell whether the email actually comes from the sender, or from a domain that is linked to the actual sender’s name. For example, an email from LogMeIn would typically have a sending domain of “logmein.com” (not “1logmein.com” or “mylogmein.com”).
2. Check if URLs are Legitimate
Hover over any part of the email that contains a URL or hyperlink to a website. Always make sure the link is legitimate.
*TIP FOR SMARTPHONES: On most smartphones, you can long press hyperlinks to see more info.
3. Watch for Incorrect Grammar and Spelling
Many hackers will misspell words on purpose. While it might seem that this would easily reveal a fake email, it is actually a tactic used to find less savvy users. Spammers have learned that if they get a response from a poorly worded email, they are onto an easier target and will focus their efforts against that user.
4. Pay Attention to Emails with Plain Text and No Logos
Most legitimate emails will be written in HTML and will contain a mix of plain text and images. Also, legitimate emails generally have the company’s logo. A phishing email may lack images, including company logos. If the email is all plain text and looks different from what you’re used to seeing from that company or sender, it’s probably best to ignore the message.
5. Recognize if the Whole Message Body Is An Image
Many spammers will send an email without any “actual” text; the entire message will just be an image. Make sure the email is a mixture of text and images.
6. Beware of Requests for Personal Information
A common tactic used by hackers is to alert you that you must provide or update your personal account information (e.g. Social Security number, bank account details, account username or password). Phishers use this tactic to create urgency so that someone clicks on malicious URLs or downloads attachments that aim to infect the user’s computer or steal information.
7. Be Suspicious of Unfamiliar Attachments
Ask yourself: is this the first time this company has sent me an attachment? Most reputable retailers or financial institutions will not send attachments via email, so be extra careful about opening any from senders or messages that seem suspicious. High-risk file attachment types include .exe, .scr, .zip, .com, and .bat.
8. Ask, Is My Email Address the From Address?
If you notice that your email address is the From address, this is a red flag and sign of a fake email message. Similarly, if the To field shows a large list of recipients, be cautious. Legitimate email from legitimate senders will likely be sent directly to you and only to you. You may see “undisclosed recipients” in the To field, and this is something to watch out for as well.
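As an added illustration (not part of the original article), tips 1, 7 and 8 can be written as automated checks with Python's standard `email` module. The brand-to-domain map, the recipient threshold of 10, the choice to accept subdomains of the real domain, and all sample messages are assumptions constructed for this example.

```python
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

HIGH_RISK_EXT = (".exe", ".scr", ".zip", ".com", ".bat")  # list from tip 7
MANY_RECIPIENTS = 10  # assumption: the article only says "a large list"

def domain_matches(domain, legit):
    # Exact match or a true subdomain. A bare endswith(legit) would wrongly
    # accept "mylogmein.com" and "1logmein.com".
    return domain == legit or domain.endswith("." + legit)

def red_flags(msg, my_address, brands):
    """Return the tip numbers (1, 7, 8) that a message trips.
    brands maps a display-name keyword to its real domain (hypothetical map)."""
    flags = set()
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # Tip 1: display name claims a brand, but the sending domain is not that brand's.
    for keyword, legit in brands.items():
        if keyword in name.lower() and not domain_matches(domain, legit):
            flags.add(1)
    # Tip 7: attachment whose file name ends in a high-risk extension.
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(HIGH_RISK_EXT):
            flags.add(7)
    # Tip 8: From is your own address, or To is hidden or very long.
    to_header = str(msg.get("To", ""))
    if (addr.lower() == my_address.lower()
            or "undisclosed" in to_header.lower()
            or len(getaddresses([to_header])) > MANY_RECIPIENTS):
        flags.add(8)
    return sorted(flags)

def sample(from_, to, attachment=None):
    """Build a constructed test message (not real mail)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = from_, to, "Account notice"
    msg.set_content("Constructed body text.")
    if attachment:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

if __name__ == "__main__":
    phish = sample('"LogMeIn Support" <billing@mylogmein.com>',
                   "undisclosed-recipients:;", "invoice.pdf.exe")
    print(red_flags(phish, "me@example.com", {"logmein": "logmein.com"}))
```

A message that trips none of these checks is not thereby safe; the checks only cover the header and attachment tips, not link targets or message content.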
Follow these 8 simple guidelines and you’ll be able to identify phishing emails and prevent them from ever having an effect on you or your business. For more information on phishing scams, check out: Don’t Get Caught Phishing: 70% of Emails are Spam
About the Author: Dan Schneck is VP of Network Services and co-founder of To Solution, Inc., an information technology managed service provider based in Waukesha, Wisconsin. Visit https://tosolution.com/blog to read more of Dan’s blogs, connect on LinkedIn at linkedin.com/in/danschneck, or follow on Google+ at https://plus.google.com/u/1/+DanSchneck