The Importance of Patching:

It’s hard to believe that, in this day and age, security professionals are still fighting to get buy-in on something as important as patching. Patching is one of the most effective tools for securing our environments, and while it can be painful at times, it has become more and more critical to ensure these processes are working. And even with all the evidence to the contrary, there is still reluctance by some to spend the money to achieve patching efficiency.

To combat this, I think we need to look at a very real-world scenario. Let’s take the EternalBlue vulnerability. Microsoft patched it on March 14, 2017 with a series of patches for all Microsoft operating systems. Microsoft deemed this so important that they even released patches for OS versions that were considered end-of-life and not eligible for patches. Just two months after the patch was released, and one month after the exploit was leaked by the Shadow Brokers group, the WannaCry ransomware used this vulnerability to great effect. On May 12, 2017, the National Health Service in the UK was attacked and up to 70,000 devices were affected. In total, it is estimated that 200,000 devices were compromised in 150 countries. It was considered one of the worst vulnerabilities to have been discovered at that time. So why do I bring this up? The CVE number for this vulnerability is CVE-2017-0144, and as of this writing it is 5 years old. Surely no one still has a vulnerable version of this OS around? And even if they do, how bad can it really be?

I’ll tell you. Bad. People who don’t take patching seriously can easily have a vulnerability like this still in their environment, and it could lead to the entire network being owned. Don’t believe me? Watch this short video, and then let me know if you still feel like it doesn’t matter if you don’t patch. It is an example of an attack that security professionals are still able to carry out on many networks.

BlueKeep Attack Demonstration

In closing, security professionals are not just paranoid and obsessive. We really do care about security and keeping people safe. We don’t keep talking about this to make ourselves feel better, but because we want you to believe just as much as we do. If you need help with patching or vulnerability management, just let us know, and we can assist.

What do I do with SPAM/Phishing emails?

  • Red Flags That Can Help You Recognize Phishing Scams. 

Phishing emails used to be easy to detect, thanks to poorly structured email layouts or sloppily written copy. Nowadays, cybercriminals are producing more sophisticated phishing scams that are easy to fall for if the target doesn’t know the red flags.

  • Here are 10 of the most common “tells” that an email or text may not be what it seems:
    • Generic greeting or signature
    • Spoofed hyperlinks and websites
    • Poor spelling and grammar
    • Poor or unusual formatting
    • Hover before you click.
    • Low-resolution (pixelated) images
    • Blank pages
    • Discrepancies in email addresses “from” trusted senders, such as slight spelling differences, missing letters, or altered punctuation (e.g., underscore instead of a period)
    • Content creates a sense of urgency (e.g., ACT NOW!)
  • Watch for red flags.
    • Don’t enter personal information or passwords on an unsecured site (indicated by the lack of a padlock icon in the browser address bar)
    • Make sure you use unique passwords for each service, or get a password manager to help keep your password secure.
    • Stay current on updates.
    • Ignore pop-ups.
    • Don’t give out info unless you are 100% sure who you are giving it to.
    • Only log in from trusted sources. If an email asks you to log in using a link, don’t use it and instead go to the home page of the organization you’re dealing with and log in there.

  • If you opened the email by mistake, what should you do?
  • Scenario 1:  Did You Read Just The Email?

There are a few scenarios where even reading an email can be dangerous, but these tend to be very specific cases. In general, opening an email and reading it or skimming the contents is not usually enough to cause any real harm.

If you know the email is spam or malicious without opening it, you should simply delete it. But in the case where you weren’t sure and did open the email, you should take the time to consider whether the email is legit/harmless or may even be harmful. Could it potentially be a spam email?

Check the from address and look at the actual email address part (hovering over the name is usually enough). If the address appears to be strange, or is a misspelled version of a valid email address, then it may be potentially malicious. You can also consider the content of the email. Emails with obvious spelling mistakes and poor grammar are often potentially harmful. Malicious actors will also often use non-personal tones and try to create a sense of urgency or panic that is out of place. Many malicious emails will end by requesting some type of information, such as a password, an account number or card verification. Keep in mind that legit companies won’t ask for confidential information from you. That’s a rule of thumb.
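The from-address check described above can also be automated. This Python example is added here and is not part of the original article; the contact list, the sample headers and the two-edit threshold are constructed assumptions.

```python
from email.utils import parseaddr

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(addr: str) -> str:
    """Strip the punctuation that lookalikes swap (period, underscore, hyphen)."""
    return "".join(c for c in addr if c not in "._-")

def classify_sender(from_header: str, known: set) -> str:
    """Compare the real address behind a From: header with known contacts."""
    display, addr = parseaddr(from_header)
    addr, display = addr.lower(), display.lower()
    if addr in known:
        return "known"
    domain = addr.rpartition("@")[2]
    for good in sorted(known):
        good_domain = good.rpartition("@")[2]
        if skeleton(addr) == skeleton(good):
            return f"lookalike: punctuation differs from {good}"
        distance = edit_distance(addr, good)
        if distance <= 2:  # threshold is an assumption; tune it for your contacts
            return f"lookalike: {distance} edit(s) from {good}"
        if good_domain in display and domain != good_domain:
            return f"lookalike: name cites {good_domain}, address is at {domain}"
    return "unknown"

# Constructed sample data: the contacts and From: headers are invented.
KNOWN = {"billing@example.com", "john.smith@example.com"}
SAMPLES = [
    "Example Billing <billing@example.com>",
    "Example Billing <billing@examp1e.com>",      # slight spelling difference
    "Example Billing <biling@example.com>",       # missing letter
    "John Smith <john_smith@example.com>",        # underscore instead of period
    '"Example.com Accounts" <pay@mailer.test>',   # trusted name, unrelated address
    "Newsletter <news@unrelated.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header, KNOWN):62} {header}")
```

A "lookalike" result is a heuristic prompt to inspect the message, not proof of malice: two genuine colleagues with similar names can also sit within two edits of each other.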

So if the email asks for answers regarding security questions or card numbers, that’s likely a spam and dangerous email. If you received this kind of email, perform the following steps:

  • Don’t click any link or image. Clicking a link or image may either redirect you to a page or download something. To prevent viruses from entering your computer, don’t interact with any links or images unless you are very sure of the authenticity of the source, or have a reputable anti-virus software that can do a real-time scan of the link before opening it.
  • Just read the text. Don’t reply. The email sender may pretend to be someone from a reputable company. If they’re asking for confidential information, they’re scammers and hackers. The best solution for this is not to reply at all.
  • Report the email as spam. Every email has a report feature. Reporting them can help authorities fight phishing scams and identity theft. Also, it allows the email service provider to segregate spam emails from legit emails.
  • Scenario 2:  You Clicked A Link Or Downloaded The Attachment? Here’s What You Can Do:

Clicking links or downloading attachments from a non-legitimate source can be potentially harmful to your device(s). Links can either redirect you to a page or download something. If you download attachments carelessly, they can run virus scripts on your computer. Computer viruses can affect the performance of your computer. They can delete or hide your files without you knowing. And what’s even worse is that they can spy on you and steal all information stored on your computer. In the succeeding sections of this article, you’ll learn more about the risks associated with spam emails.

Links that redirect to another page can be a phishing scam. In this scam, the landing page can look like a reputable company’s website. For example, the site may imitate the design and interface of American Express or some other reputable company. Just by entering your user ID and password, you would have given the scammer future access to your account, letting them do whatever they want with it, none of which would be good for you. You may also give away other confidential information, which inevitably leads to some sort of identity theft. If you ever provided confidential information or downloaded the attachment of a dangerous email, here’s what you need to do:

  • Scan computer for viruses using antivirus software. Some viruses or malware can execute themselves without human interaction. Moreover, spyware can run in the background without you knowing. The best solution for this is to run a full computer scan and set a schedule for an automatic, pro-active scan by the software.
  • Regularly update the virus database. Antivirus software like McAfee or Norton regularly updates their database for the latest viruses. Before scanning, make sure you’ve updated your antivirus software’s database.
  • Change passwords. Whenever you have unknowingly provided login credentials to an online scammer, change your passwords immediately. Make sure that your passwords are not too obvious, and that each is an alphanumeric combination of no less than ten characters, to minimize the risk of the scammer being able to guess your password through some software.
  • Report the email before deleting it. Reporting the email helps prevent malicious emails from reaching your inbox. It also allows authorities to track down these scammers and determine potentially deceptive emails.
  • Disconnect all your devices from that account. Due to multi-device integration, cybercriminals can now hack your phone if it’s connected to a laptop or tablet. It’s best to disconnect all your devices from the hacked account to prevent theft of confidential information like credit card passwords, CVV numbers, or passcodes.
  • Report the incident to the local authorities. If you think that the hackers have penetrated any or all your accounts, report to authorities immediately. You can:
    • Report to local authorities

Visit https://www.getcybersafe.gc.ca/en for additional resources about cybercrime

Report a SPAM or phishing email to IT Weapons. 

Email the Service Desk at support@itweapons.com to open a ticket regarding the email. If you forward the email to the Service Desk, please make sure you forward the email as an attachment. If you have inadvertently clicked on a link or opened an attachment you suspect may be malicious, contact your IT Team, or the IT Weapons Service Desk at 905-494-3050.

Please visit our YouTube video for more information on identifying SCAMS

https://youtu.be/SbUNO2BJe10


Whitelist Advanced Delivery Policies in Microsoft 365

  1. Whitelist Advanced Delivery Policies in Microsoft 365: https://support.knowbe4.com/hc/en-us/articles/4404511190803-How-to-Use-Advanced-Delivery-Policies-in-Microsoft-365
    1. Please enter the below values one by one (without commas)
    2. Sending domains to add: psm.knowbe4.com, ispservices.org, ispservices.net
    3. Sending IP to add: 147.160.167.0/26, 23.21.109.197, 23.21.109.212
    4. Simulation URLs to allow:
      1. *.com-token-auth.com/*
      1. *.com-onlinebanking.com/*
      1. *.compromisedblog.com/*
      1. *.protected-forms.com/*
      1. *.net-login.com/*
      1. *.phishwall.net/*
      1. *.msftemail.com/*
      1. *.magnetonics.com/*
  2. Allow Spoofing: https://support.knowbe4.com/hc/en-us/articles/4404513628051
    1. Add the below PTR record combos:
      1. *, psm.knowbe4.com
      1. *, ispservices.org
      1. *, ispservices.net
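Before entering the values above, it helps to confirm that each entry is well formed and to see exactly which mail the exception covers. This Python example is added here and is not KnowBe4 or Microsoft code; the audit thresholds and the rule that a message must match both a listed domain and a listed IP are assumptions of the example.

```python
import ipaddress

# Values copied from the steps above; the checks and thresholds are assumptions.
SENDING_DOMAINS = "psm.knowbe4.com, ispservices.org, ispservices.net"
SENDING_IPS = "147.160.167.0/26, 23.21.109.197, 23.21.109.212"
URL_PATTERNS = ["*.com-token-auth.com/*", "*.phishwall.net/*"]  # two of the eight

def split_entries(line):
    """The portal takes one value at a time, so split the comma-separated line."""
    return [item.strip().lower() for item in line.split(",") if item.strip()]

def audit_ips(entries, widest_prefix=24):
    """List IP entries that are malformed, private, or wider than widest_prefix."""
    problems = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"{entry}: {exc}")
            continue
        if net.is_private:
            problems.append(f"{entry}: private range, not an external sender")
        if net.prefixlen < widest_prefix:
            problems.append(f"{entry}: exempts {net.num_addresses} addresses")
    return problems

def audit_urls(patterns):
    """List URL patterns that are not '*.<name>.<tld>/*', e.g. a bare '*.com/*'."""
    problems = []
    for pattern in patterns:
        host = pattern[2:-2]
        well_formed = pattern.startswith("*.") and pattern.endswith("/*")
        if not well_formed or "*" in host or "/" in host or host.count(".") < 1:
            problems.append(f"{pattern}: wildcard is malformed or too broad")
    return problems

def is_exempt(sender_domain, source_ip):
    """Assumed rule: exempt only if the domain AND the source IP are both listed."""
    ip = ipaddress.ip_address(source_ip)
    listed = any(ip in ipaddress.ip_network(e) for e in split_entries(SENDING_IPS))
    return listed and sender_domain.lower() in split_entries(SENDING_DOMAINS)

if __name__ == "__main__":
    print(audit_ips(split_entries(SENDING_IPS)), audit_urls(URL_PATTERNS))
    print(is_exempt("psm.knowbe4.com", "147.160.167.63"))   # inside the /26
    print(is_exempt("psm.knowbe4.com", "147.160.167.64"))   # first address outside it
```

Because these entries bypass filtering, re-run the audit whenever the list changes and remove the entries when the simulation programme ends.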