Phishing sounds like something nice to do on a warm afternoon. But it’s actually an email designed to trick you into revealing personal information (for example, credit card numbers) or to get you to click on a link that will do some damage to your computer and/or the financial data on it.
Becoming familiar with common tricks of the phishing trade will help you identify and eliminate risks to your security. Let’s get started!
Who is this email from?
The “From” line can tell you a lot about whether you should open an email. Does the address:
- Look familiar? Whether from a person or a company, you should recognize the sender. And be sure it’s spelled correctly. Some bad guys mimic authentic companies’ addresses but inconspicuously add, subtract, or change one letter.
- Come from someone you trust? If you don’t know the sender personally, has someone you know vetted them?
- Make sense? The support divisions of major companies probably aren’t emailing you.
Who is this email to?
You, right? But a closer look could reveal hints. Is it:
- Sent to people you don’t know? If you’re among a list of people on the “To” line, evaluate whether the group makes sense. You should be able to identify, for example, that the others are in the same division at work or part of your book club.
- Forwarded? Be especially vigilant with a chain email. The more hands—or computers—a message has gone through, the more likely it’s infected with a bug.
When was it sent?
The “Date” feature is easy to overlook, but ask yourself:
- Does it add up? Maybe your pal is emailing you when you know she’s at the movies. There may be an innocent explanation, but it pays to be suspicious.
- Was it outside of normal business hours? Most of the time, business-related emails arrive during business hours.
What’s the subject?
The good news is that online con artists often give themselves away by seeking to reel you in in dubious ways. Does the subject:
- Align with what the email says? If the subject references a school event for your child but the body content is about low-cost cars, don’t click on any links!
- Provoke a strong emotion? Inciting fear is a useful tactic for scammers. “I’ve been arrested!” “I need help!” Many times, it’s a setup to get you to send money to alleviate a made-up problem.
- Reference an email you never sent? Your doctor is returning an email about an overdue bill. The electric company is responding to your request to pay online. The only problem is that you don’t remember sending those emails. When in doubt, call the company—don’t give out your financial info.
What’s the content?
Here’s where things get interesting, so put on your detective hat. Does the email body:
- Ask me to take a risky action? Click on this. Send me these account numbers. Pay this “fine” here. They’re all red flags.
- Sound legit? Your boss’ grammar is flawless, so an email from her won’t look like it’s written by a first grader. Or maybe a message from a friend isn’t her style at all.
- Sound scary or lewd? Whether it contains a veiled threat (“I know what you’re hiding—open the attachment for proof”) or a temptation they’re hoping you can’t resist (“Remember him? You’ll never believe what he looks like now!”), steer clear of it.
- Have the “right” signature? Generic signatures aren’t typical for emails from valid companies; most have details like a contact person, that person’s title, and a local or toll-free phone number.
Are there attachments?
Attachments can get you into a world of trouble, so unless you’re absolutely sure they’re aboveboard, keep your mouse off of them. Is the attachment:
- Something you were expecting? If not, make sure the attachment jibes with your life (for example, your child’s soccer schedule, the snack schedule at church, etc.).
- Contained in a safe file? Look at the file extension letters to see if you’re familiar with them. Text files (.txt) are always okay to open, while .exe files are almost always a bad idea.
What about hyperlinks?
Those embedded links that take you to another part of the web should be double- and triple-checked before clicking on them. Is the hyperlink:
- Flying solo? Sometimes you’ll get an email that’s blank except for a hyperlink, which is really tempting for a lot of us. Which is probably why scammers keep them coming.
- Spelled correctly? In the same way that a misspelled company name in the “From” line is a problem, a misspelling of a well-known company in a hyperlink indicates trouble.
- Leading to the right place? You can see the web address for the hyperlink simply by hovering your mouse over it. If you see any sign that it’ll take you to an unfamiliar site, don’t click on it.