By now you have probably heard about phishing (fake emails that look legitimate, usually from senders that you have some dealings with – but not always). I receive at least one every two weeks or so and I usually just delete them right away.
After reading about this I would like to share with you some tips on how to detect them and what to do.
Where do they come from?
- From a bank, credit union, financial institution or financial advisor, asking you to take care of an “urgent” matter by clicking “here”.
- From DHL, FedEx, Canada Post, etc. informing you that an urgent package needs to be delivered to you today or it will be returned to sender; usually it has a link that says “click here to track your package” or something like that.
- From the Better Business Bureau (BBB) about a negative comment on your business and the need to click “here” to check it out.
- From the HR department of your company asking you to “update” your anti-virus software by clicking “here”.
- From PayPal asking you to click “here” to receive an email payment from a recent transaction.
- And the list goes on and on…
As you’ve probably noticed, all the previous examples had the “click here” phrase, which is the norm in phishing emails; the link is simply the trigger for whatever spyware or malware the message is meant to deliver. In most cases, the email by itself is harmless (although some tech blogs have reported that just previewing the email can activate the infection) and it is the user’s interaction that starts the infection.
In any case look for the following red flags:
- An easy one: you got this email from a business you’ve never dealt with. One of the ones I got was from a credit union in Halifax asking me to update my username… the thing is, I live in Ontario!
- Look for grammar errors, misspelled words and an odd-looking sender email address.
- HR departments DON’T upgrade anti-virus. If you work for a big company, this is done by the I.T. department without any interaction on your part.
- Any email asking you to update information they should already have.
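For readers who filter mail with a script, here is an added example (not part of the original post) that checks a message for the red flags listed above: an unfamiliar sender, a "here" link, "urgent" wording and a request to update information. The names `red_flags` and `known_domains` and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def red_flags(raw_message, known_domains):
    """Return the red flags found; known_domains = organizations you deal with."""
    msg = message_from_string(raw_message)
    # Decode every text part so base64 / quoted-printable bodies are covered too.
    body = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in known_domains:
        flags.append("unknown-sender")
    parser = LinkCollector()
    parser.feed(body)
    if any(re.search(r"\bhere\b", text, re.I) for text, _ in parser.links):
        flags.append("click-here-link")
    text = re.sub(r"<[^>]+>", " ", body)   # crude tag strip for keyword checks
    if re.search(r"\burgent", text, re.I):
        flags.append("urgency")
    if re.search(r"\bupdate\b", text, re.I):
        flags.append("update-request")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """From: Member Services <service@creditunion.example>
Subject: Action required
Content-Type: text/html

<p>Please take care of an urgent matter and update your username.</p>
<p><a href="http://login.example.net/verify">Click here</a></p>
"""
```

A non-empty result is a reason to verify with the organization by phone, not proof of phishing; legitimate mail can trip these keyword checks too.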
The moral of the story is this: never, ever, ever click on suspicious links. Call the organization and verify this is a legitimate email. If you get it from an unknown source, delete it right away!
If you unfortunately clicked on it and you suspect foul play, disconnect the computer from the network/Internet immediately and call your I.T. support specialist.