How to identify phishing emails and what to do
Note:This blog was written by an independent guest blogger.
Phishing scams remain one of the most widespread cybercrimes. A phishing scam can be as simple as getting someone to click on a link, attachment, or a picture of cute kittens. I recently received a spam email with the message:
“Old friends post embarrassing pictures of Jason Nelson online; click here to see.”
Seeing my name in the body or subject line of an email is alarming. That is why scammers word these emails this way. They want to alarm you, and in your rush to defend yourself, click the link to see the pictures.
Similar to extortion emails that claim to have videos of “compromising” situations or screen recordings of users on adult websites. These emails work on our fear of embarrassment, rejection, or ruin to get us to let down our guard.
Do not click on anything in these emails. Delete, Delete, DELETE.
But, it does beg the question, where do these emails come from, who is sending them? In this article, we will be looking at the phishing phenomenon and what options we have to defend ourselves.
According to a 2018 report from statistics website Statista, at 11.69%, the majority of spam emails originated in China. But before we in the U.S. pat ourselves on the back, the second-largest amount of spam emails came from the United States at 9.04%.
Since 2018, many of these scams demand some form of a cryptocurrency payment. In an October 8, 2019 report, the cybersecurity company Cofense said that phishing scams are changing their tactics and moving from Bitcoin to one of the so-called altcoins like Litecoin or Monero.
So how do these scammers get our emails? One way and most likely is lax security protocols or a data breach at a service or email provider. HaveIbeenPwned is a website that can help you see if your email is on a compromised site.
But there are other ways as well, including email addresses sold to the highest bidder. A way to minimize our risk of phishing scams is to be mindful of and limit the websites we provide our emails. Also, use a password manager to create more complex passwords. BitWarden, 1Password, and Dashlane are good options.
When deciding on an email address, avoid using your name and or some specific data. For example, janedoe1980@email.com - try to avoid using your actual name and actual year of birth or the last four of your social (for U.S. Citizens).
There is no way to be 100% safe online, but at least we can make it that much harder for cybercriminals.
So let’s look at some steps we can take to protect ourselves from phishing and scam emails:
- Check the sender address, even if the message seems legitimate, look at the sending address, if it looks odd, it’s probably spam.
- Does the email ask you to click on a link or attachment? Again check the sender address and the rest of the email for anything out of the ordinary.
- Did you receive the email out of the blue? A long lost relative is trying to send you money? Delete.
- Does the email contain several misspelled words? It could be a phishing email.
- Does the email contain some threat (embarrassment, prosecution for example) it’s more than likely a phishing scam.
Lastly, if the email appears to be from someone you know or an organization you do business with, call that person (not from a number on the email) and verify they sent the email. Law Enforcement and the IRS are not known for sending threatening emails. Delete.