‘Tis the season for online shopping. As the volume of online sales increases, so does the frequency of phishing emails disguised as messages from popular online retailers and delivery services. It’s important to remember that a cyber criminal’s goal is to get you to click before you consider the possibility that the email you’ve received could be fraudulent. This is why it’s important to take the time to really look at emails before clicking any links or downloading attachments — especially if an email is requesting that you take action immediately or under certain time constraints. Read on for tips and tricks that will help you identify the difference between a legitimate email and a fraudulent one.
Basic indicators of a fraudulent email:
Misspellings and poor grammar: Oftentimes, emails with misspellings or poor grammar were originally written in a different language and were then run through translation software. With all the nuances of the English language, it’s difficult for software to find exact parallels for certain words while ensuring they make sense within the overall context of the message. Legitimate businesses are more diligent about spotting and correcting spelling and grammar mistakes.
Requests for urgent action: As we stated above, hackers will often ask the reader to act immediately, in order to elicit a rushed response, as opposed to a thoughtful one. If you receive an email requesting quick action that you believe is legitimate, go around the email to take the action.
For example, if you received an email saying your password has been compromised and to change it immediately, instead of clicking any links in the email, go directly to the website from your web browser. Log in and change your password in your account settings. This way, you have taken the action without incurring the risk of downloading malware or handing your login information to a hacker.
Unsolicited requests for information: Legitimate businesses will not send you an email to request financial information, account numbers, personal information, usernames, passwords, or copies of invoices. Do not give out this information in an email or over the phone. If you have concerns, reach out to the business’s customer service by using contact information published publicly online.
Suspicious links: If you’re on a computer, hover over links with your mouse before clicking them. You will be able to see a preview of the web address linked in the email. Or, if you're using a device with a touchscreen, press and hold your finger on the link until the URL shows. If the URL doesn’t match up with your intended destination, do not click the link.
For example, if a link says it will take you to Amazon's sign-in page, the URL should start with "https://www.amazon.com." However, if the link goes to "http://www.amazons.com," you should notice two things wrong with the web address. First, the URL starts with "http" instead of "https," meaning it is not secure. Second, the URL misspelled Amazon by adding an "s" at the end.
What do you do if you believe you have received a fraudulent email?
If you believe you have received a fraudulent email, do not click any of the links provided or download any attachments. It is best to mark the email as spam and delete it from your computer. If you would like to report the fraudulent email, you may generally do so by reaching out to the company the email pretended to be from. UPS, FedEx, USPS, and Amazon have web pages addressing email fraud, where they give examples of fraudulent emails, as well as instructions on how to report them.
If you’re uncertain as to the validity of an email, either go directly to the website without clicking any links, or reach out to the business’s customer service representatives. When your data and personal information are at stake, it's always best to err on the side of caution.
As an IT partner to businesses, we offer cyber security training to our CoreCare clients that teaches users how to spot the difference between a legitimate email and a phishing email. The services we provide also allow you to put your training to the test through real-life application. You can send out staged, practice phishing emails to your staff in order to see who clicks. Then, you can assign more training to those who need it. If you would like to learn more about our cyber security training services, contact us today!