Recently I looked through my Spam folder in Gmail. So many of the messages were “spoofing.” This means the email LOOKED like it was from a legitimate company, but in reality it was someone trying to trick me into giving personal information or money. It is not just email where people try to trick me into clicking on links or downloading files that I should not. Websites can also contain links that are malicious.
Hover your Mouse
If you hover your mouse over a hyperlink, you can see what website the link goes to in the bottom left of your window. Notice that if you hover over the word hyperlink in this paragraph, it links to Catlin Tucker’s book on Amazon. Before you click on a link, check that the URL goes to the website you are expecting.
Check for Misspellings
A trick you may encounter is that the website is almost legitimate. Look to make sure the site URL is spelled correctly and does not have extra words or letters in the URL.
Go Direct
When I get an email from a company I usually work with, I will not click on the links in the email. Instead I go directly to the website in a new tab. I personally type in the URL of the website to ensure that I am going to the legitimate site. I will log into my own settings.
Example
Phishing attempts try to get you to click on links or download files that are fraudulent or malicious. Notice that this phisher goes out of his way to point out that this email is not spam and the proof is that he is offering you a link to unsubscribe. This is a very tricky way to get you to click on a link that could be malicious. If in doubt that an email is legitimate, do not click on anything in the email.
Example
In this phishing attempt you will notice the email looks professional. The email is about Lasik eye surgery and has a legitimate-looking logo. On the “Click Here” link, notice that the destination URL in the bottom left-hand corner actually goes to “soulysoccer,” which has nothing to do with eye surgery.
Example
This email has a strange subject line of Re: [4]. Normal friends do not address emails like this. Notice this is an email from someone I know. It is not unusual for someone’s account to be hacked. Be cautious of emails that are sent from people you know. Spelling errors are another red flag that an email is not legitimate. If the screenshot in the email was really from a reputable company there would not be spelling errors.
Example
A legitimate email from a company such as FedEx would have FedEx branding on it. Be careful though, just because an email does have corporate branding does not make it legitimate. It is incredibly easy to copy images off of the internet and use them illegally. Notice in this email that while the email is supposed to be from FedEx, the sender has a weird non-FedEx email address. As a general rule, NEVER click on attachments. Even when they are sent by friends I do not download attachments.
Example
Notice this email asks you to appear in court. However, the email address is not an official government email. The body of the email is generic and does not mention you by name. A court summons would not come by email, would have your name, would give the specific jurisdiction, and would have court logos. There is a mysterious zip file attachment that will do who knows what damage to your computer if you download it.
Example
An email without a body and only an attachment is bad news. Phishing attempts will include logos from reputable companies. Notice from the attachment preview that the Gmail logo was utilized in an attempt to make the scam look more legitimate.
Example
In this phishing attempt, the subject line is a bit strange with “from: Ezenia Garza.” People I know usually do not use subject lines such as these. Notice that the email was sent to a large group of people who I do not know. One clue that an email is not legitimate is when it is sent to a lot of people who do not seem to be connected in any particular way.
Example
Notice in this email the email address has a sender name of “udealo.” This does not match the name of the sender. Legitimate companies do not usually ask you to send emails to Yahoo accounts or other non-corporate-branded email addresses. Notice also that the email for “Western Union” is located in another country. The end of the Yahoo address says “.my.” Be on the lookout for poor grammar and spelling. Many phishing attempts are coming from foreign countries. The grammar errors along with the .my in the Yahoo email address give indications that this is someone from another country and you should be cautious.
Example
Notice in this email that when you hover over the URL in the email, the destination does not match. It appears that this might just be a link to track clicks; however, you do not know if that is true or not. Do not click on links that do not match the destination.
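The hover check and the misspelling check described above can also be run automatically over an HTML email body. The Python below is an added example, not part of the original post; the trusted-domain list, the sample email, the 0.8 similarity threshold and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"fedex.com", "westernunion.com", "amazon.com"}  # assumed allow-list
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
SAMPLE = (  # constructed email body, not taken from the page
    '<a href="http://fedx.example/track">Track package</a>'
    '<a href="http://clicks.example.net/r?id=1">www.fedex.com/tracking</a>'
    '<a href="https://www.fedex.com/en-us/tracking.html">Click Here</a>')

class LinkCollector(HTMLParser):  # records [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(url):  # lower-case host of a URL or bare domain, minus "www."
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def lookalike_of(host):  # trusted domain an untrusted host imitates, or None
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return None  # the real site or one of its subdomains
    name = host.split(".")[-2:][0]  # label before the TLD (two-label assumption)
    for d in sorted(TRUSTED):
        brand = d.split(".")[0]
        if brand in host or SequenceMatcher(None, name, brand).ratio() >= 0.8:
            return d  # extra words around the brand, or a near-miss spelling
    return None

def review(html):  # (finding, detail, real host) per suspicious link
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        host, shown = host_of(href), DOMAIN_RE.search(text)
        if shown and host_of(shown.group(0)) != host:
            findings.append(("text-mismatch", text.strip(), host))
        if (twin := lookalike_of(host)):
            findings.append(("lookalike", twin, host))
    return findings
```

Calling `review(SAMPLE)` flags the misspelled host and the link whose visible text names a different site than its destination, and leaves the genuine link alone.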