Email phishing: Think before you link

Not that kind of fishing

A foreign prince in exile. A vast sum of money. And only you — the unwitting hero — can save the day. It sounds like the premise of an adventure film, right? But, as most of us are well aware, it’s also often “business as usual” in email inboxes. It’s pretty easy to spot scam email when subject lines are misspelled and messages show up in our spam folders, but there are lots of clever scammers out there who have perfected the art of phishing email.

According to the National Cyber Security Alliance, “phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.”

GoDaddy Chief Information Security Officer Todd Redfoot preaches constant vigilance when it comes to screening your email messages. Here’s what Todd had to say on Elliot’s Blog:

“Cybercriminals look to create a sense of urgency to trick unsuspecting victims into downloading malicious files. Many attackers try to lure you into their schemes by sending emails that look legitimate, but include links to fake login pages that closely resemble the legitimate website. Hover over links, check for misspellings (acmebnak instead of acmebank), but don’t click. Go directly to the website and log in as you would normally; any message, important action, etc. will be there if the email is legitimate. Emails from GoDaddy, in most cases, include your first and last name, a clear first indicator of legitimacy.”

Let’s break it down. Here are five signs that an email isn’t on the up-and-up:

1. Request for private information. Many fake emails purport to be from financial institutions or other services that you actually use. But they are angling to get you to enter information (like logins, passwords, credit card numbers and other identifiers) into a fake website so that a scammer, hacker or other ne’er-do-well can eventually steal from you. Ask yourself, does this seem like something an email from this source would normally ask for?

2. Links don’t go where they say they should go. A scammer might type out http://www.godaddy.com, but clicking the link might take you somewhere else entirely. Before clicking any link, hover over it to see where it actually takes you.

“Remember, if you have doubts about the legitimacy of an email, do not click a link in that email. Instead, if you feel like you must respond, go to your browser and type in the URL you want to visit.” ~ Todd Redfoot

3. Your name is in the CC or BCC field. If this email was meant for you, why would you be “CCed” rather than emailed directly? Most emails from legit sources don’t work that way.

4. Information is dated, pixelated or otherwise “off.” Does the email use a business’s old logo? Does it look like it’s been copied and pasted, stretched or slightly altered? Scammers may steal logos and letterhead from real institutions, but they often don’t do so professionally.

5. Misspellings, typos and other errors. Theories abound on why spam emails are often riddled with typos. Some think it’s so that they can get around spam filters, which are looking for certain word combinations. Other theories purport that scammers are looking for the naïve and gullible, who might not notice obvious errors. Whatever the reason, many spam emails will be riddled with typos, misspellings and sometimes truly random gibberish.

To learn more, pay a visit to http://www.antiphishing.org/.