People have been falling for online scams since the beginning of the internet. The sophistication of today's scams has made it increasingly difficult for anti-malware software to help, because the latest scams rely on tricking the user instead of infecting the computer with a virus.
You’ve probably heard the term “phishing”. It’s when an email from what appears to be a trusted source lures you into giving up your login credentials by linking to legitimate-looking websites that are actually bogus.
Knowing what a scam looks like is the best way to avoid falling prey to a scam. For example, the email below is supposedly from Daman’s IT department. In the email, they are asking the user to “CREATE NEW PASSWORD” by clicking on the link.
You can often tell a scam simply by hovering the mouse over the sender’s email address. If a different address appears, you should delete the email. It’s not always that simple, though, and this should not be used as an absolute rule. Another way is to click “reply”: again, if the return email address isn’t the same, it could be a scam and you should delete the email.
To check the legitimacy of a link, look at the web address. The address should begin with https:// (note the “s” after http). Fake sites will usually just have http:// (no “s”). You should also look at the domain of the URL. If it isn’t the domain owned by the institution, then it is probably not legitimate.
If you are still not sure, you can always call the sender’s institution to verify the email.
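As an added example (not part of the original post), the link checks described above applied automatically to a constructed sample email body: a link is flagged when it does not use https, when its host is not the institution’s own domain or a subdomain of it, or when its visible text shows a different address than the one it really points to (what hovering would reveal). The domain example-company.com and the email body are made up for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Link text that itself looks like a web address, e.g. "portal.example-company.com".
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)
class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_belongs_to(host, domain):
    """True only if host is the institution's domain or a real subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def check_links(html, sender_domain):
    """Return [(href, reasons)] for every link that fails the checks described above."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        host, reasons = (url.hostname or ""), []   # .hostname is already lowercased
        if url.scheme != "https":
            reasons.append("not https")
        if not host_belongs_to(host, sender_domain):
            reasons.append(f"host {host!r} is not under {sender_domain}")
        shown = HOST_RE.match(text)
        if shown and shown.group(1).lower() != host:   # what you see vs. where it goes
            reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body modelled on the "CREATE NEW PASSWORD" lure; not a real email.
SAMPLE_EMAIL = """<p>Suspected hacking attempt. Reset your password now.</p>
<p><a href="http://example-company.com.reset-portal.example.net/login">CREATE NEW PASSWORD</a></p>
<p><a href="https://mail.example-company.com/">mail.example-company.com</a></p>"""
```

The https check alone proves little, since any site can obtain a certificate, so the domain check is the one that carries weight. Note that a look-alike such as example-company.com.reset-portal.example.net contains the institution’s name but is not under its domain, which is why the check compares the host’s suffix rather than searching for the name anywhere in it.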
Other Tell-tale Signs of a Scam
Subject lines that contain words like “urgent”, “immediate attention required”, or “do this now”, meant to make you think the world as you know it will cease to exist if you don’t take action immediately.
“Suspected hacking attempt” is supposed to shock you and entice you to click links, open attachments or even call the phone number listed in the email.
“CREATE NEW PASSWORD” takes you to a site containing malicious content. If you hover over the link with your mouse, you will see that it does not lead to a site related to the sender.
Daman’s Rules of Thumb
Daman will never send its users anything like the emails described above.
If you don’t recognize who the email is from, delete it.
If there are attachments you aren’t sure about, forward the email to your security group to verify that it is not a virus or a link to malicious content.
If you suddenly get an email asking you to pay an invoice, you need to ask if this is normal – do you recognize the sender/company/user, and would that person send an invoice directly to you?
The same goes if you suddenly receive an email from an internal user (perhaps your manager or the company president) asking for private information such as passwords, W-2s, Social Security numbers, and credit card information. No one in our organization should ask for that type of information in an email.
Don’t click on links from within emails. Even if you think the email is real, you are better off typing the address of the known site into your browser yourself and managing your account from there.
The key to protecting yourself is to be vigilant— think before you click, consider the source, and, just in case you do happen to get phished, make sure you back up your data.