Protecting Yourself Against Phishing Scams
Spammers and malware distributors are always coming up with new ways to fool the unsuspecting. There are a few reasons that they send you “phishing” emails:
- They want to ascertain whether or not the email address is valid and/or whether or not someone actually reads it. The address can then be sold to other spammers.
- They want to exploit you or your computer. The link may take you to a “spoof” site to try to gain your username/password for a specific site or application. Or, it may take you to a malware distribution site to fool you into installing software with a malicious payload.
- Finally, the link may simply be “click bait” to drive you to a site for ad revenue, paid comments or other content from which they benefit financially.
How can you tell if an email is suspicious?
- When in doubt, don’t click. If you don’t know the sender or the email seems out of character for the sender, don’t click anything in it. Contact the sender directly if you think their account has been compromised.
- Look out for domain spoofing. Does the email actually come from who it says it does? For example, a bank account notice should actually come from your bank. Check the email headers if you’re not sure.
- If the offer seems too good to be true, it probably is. Spammers use a couple of age-old tactics to get you to click. The most common motivation is greed. Don’t be fooled by promises of riches held in a bank account for you, or even by less-lavish schemes like 75% off discounts at your favorite retailers.
- Don’t be alarmed. This is the second most common tactic: fear. Stop and think a moment before opening an email court summons, bankruptcy notice or other alarmist email. The vast majority of the time, these kinds of official notices will arrive in the postal mail – not email. If you do open the email, read it carefully, including the sender and other email header information, to determine its authenticity.
Phishing schemes work by getting people to overcome their common sense. The best defense is to trust your instincts just like you would in a real-world, physical security scenario. Spam is the “bad neighborhood” of the online world. Keep your guard up, and you’ll prevent most attacks. A spam blocking system at the network gateway can help, as can keeping all of your computers up to date with system patches, antivirus and anti-malware software.