Early one Sunday morning, my editor, Yahoo Finance’s Erin Fuchs, checked her personal email & was surprised to find a message from PayPal (PYPL). The missive said she had recently changed her password, & asked her to call a phone number if that wasn’t the case.
It wasn’t, so Fuchs called. The email had come from a “firstname.lastname@example.org” address & included a link to the PayPaypal website. However, she became suspicious when the person on the other end of the line asked for her credit card information to “verify her account.”
.An example of a phishing email.
It doesn’t matter who you are or what email service you use. If you have an email account, you’ve received some kind of scam, or phishing email, just like my editor.
Most of the time, these emails are relatively effortless to spot. Some African prince or other wealthy individual wants to send you money until he can make it to the US. You just need to send your bank account information & Social Security number.
But criminals are quickly changing their tactics, firing off more sophisticated emails in an attempt to trick you into giving away your personal information. According to Gary Davis, chief consumer security evangelist at Intel (INTC) Security, in a recent study, more than 19,000 people were asked to look at 10 emails & identify which ones were scams. Only three percent of them were able to find all of the phony messages.
Worse still, some phishing messages contain ransomware, which locks down your entire computer until you pay the culprits a ransom.
Yes, it’s a scary world out there. But there’s hope. If you follow some of these quick tips, you’ll be able to stay one step ahead of the offensive guys.
Read the subject line & sender’s address
Phishing emails are designed to sucker as many victims as possible. They cast a wide net by covering topics like banking & package deliveries—two things most people generally receive emails for.
You should be on high alert if you obtain a message from an unknown sender with a subject line mentioning changes to your bank account—or that you need to pick up a package that can’t be delivered—and you aren’t expecting either of those things. It’s probably a phishing attempt.
Just delete the message & move on with your life.
Hover over links
Okay, so you can’t remember if you changed your bank account info or aren’t sure if you have a package in the mail, so you open the email. That’s cool. As Intel Security’s Gary Davis explains, it’s rare that just opening a message executes any kind of code on your computer.
.It doesn’t matter what email service you use, you’ve unquestionably received a phishing email.
The message, however, tells you to click a link to check out the changes to your account or the status of your package. What do you do? Simple: Hover your mouse over the URL. When you point to a link without clicking, most web browsers & email programs automatically display the web address that link will open. If the email says it’s from your bank or delivery service, yet the link points to a different site, don’t click it.
Urgency is suspect
A satisfactory number of phishing emails try to obtain you to act before you think—by adding a sense of urgency to their messages. An email telling you to log into or verify information for your bank or other account labeled “Final Warning” or “Urgent Notification” should set off warning bells right away.
Kevin Haley, director of product management for Symantec’s (SYMC) Security Response, explains that you should be suspicious if you receive an email with a URL or attachment that is trying to obtain you to click on something right away.
.If an email seems like it’s trying to push you to do something immediately, it’s probably a scam.
Russian agents are widely considered to have used this exact method to break into the Democratic National Committee’s server’s via a phishing email.
So if you obtain a message telling you to do something instantly, ignore it. If you think it’s legitimately from your bank, skip the link & just go directly to your company’s website.
Hooked on phonics
The easiest way to identify a phishing email is if it’s loaded with grammatical or spelling errors. As Microsoft points out in its phishing email primer, legitimate businesses hire professionals to ensure that communications with customers are mistake-free. Criminals? Not so much. So if you obtain an email that’s strangely formatted, & is loaded with enough grammar issues to drive your fifht-grade English teacher insane, delete it.
.If you receive an email with especially poor grammar, just delete it.Patience is a virtue
A lot of people fall victim to phishing emails because they’re simply in a rush. They’re in the middle of cooking dinner & taking care of two toddlers, see an email from their bank & BAM, that’s that. So how do you fix this? Just take a few minutes, breathe, & read your emails carefully. That’s pretty much it.
What to do when you’re hooked
So you’ve clicked a link or downloaded an attachment in a phishing email. You’re done for, right? Not exactly.
Both Davis & Haley suggest that if you realize you’ve been the victim of a phishing scheme & you’re swift enough, you can alter your passwords on any affected websites before the criminals obtain access to your accounts. If you can’t do that, your best bet is to disconnect your computer from the internet & run an antivirus program.
Disconnecting your computer (like turning off WiFi) ensures that any malware you downloaded can’t communicate with its home server & steal your information; meanwhile, the antivirus program takes care of anything on your machine. You should moreover enable two-factor authentication on your accounts, which requires that you enter both your password & a second string of characters usually sent to your smartphone via text or an app, to keep people from accessing your information.
If, however, you’ve given your private information to someone via email, well, your best bet is to use a credit-monitoring service to make sure that no one is opening credit-card accounts in your name.
More from Dan:
Nintendo’s Switch breaks launch records, yet don’t celebrate yet Samsung’s new tablet is a Surface Pro 4 fighter with serious firepower How Google is fighting the war on internet trolls The coolest tech toys from Toy Fair 2017 Everything we know approximately the next iPhone so far Dell XPS 13 2-in-1 review: The best laptop around learns a new trick Samsung’s Chromebook Pro is the best Chromebook yet
Email Daniel at email@example.com; follow him on Twitter at @DanielHowley.