Grundig IT Newsletter
Computing News That You Can Use – May 2022
When was the last time you received a malicious email? In the old days, there were a number of email-based scams from Nigerian princes and foreign exchanges in need of some personal help in return for a low-risk, high-reward business opportunity. Now, malicious emails have become a lot more sophisticated, a lot more common and a lot more profitable for the perpetrators.
A lot more common? Surprisingly, an unfathomably large number of email scams – mostly phishing emails – go out every day, and the majority of them are stopped by Google, Microsoft and other email services with their built-in spam filters. However, technology can only catch some of these. It is likely you will receive these dangerous emails regularly despite built-in defenses.
Phishing emails are the most common form of illegitimate email out there. You’ve probably heard the term often enough, so I’ll be brief here: Phishing is the act of sending emails which appear to be from a trustworthy source in the hopes of getting the recipient to reveal account information, such as a password, or to download malicious content.
Often, a commonly-used service will be impersonated – an email appearing to be from Netflix, or your bank, or the utility company. The communication appears legitimate. Many phishing emails make it appear that there is an urgent situation that must be resolved immediately: your billing has expired, your credit card is marked as fraudulent, or there is some other problem that requires you to authenticate your identity. The scammers make the sender appear legitimate, and they disguise the links to make them appear legitimate too.
These bad actors are trying to get access to information – your email and password, your address and personal data, your credit card information, etc. Clicking on a link in a malicious email can also result in inadvertently downloading a malicious file that introduces ransomware onto your system and network.
Let’s talk about protecting yourself.
Activate multi-factor authentication for important accounts, including email, if possible.
Be careful when clicking on links in emails. It feels like a silly thing to say, ‘Don’t click the bad links’, but you need to get in the habit of it. Following this practice is important because phishing emails can be deceiving and create the need for immediate attention – it feels faster and easier to click that link than to open your browser and log in the slow way.
Also, when you receive a suspicious email, don’t reply to it. If you get the email at a work account, reach out to your company’s IT staff. If the email is coming from someone internal, reach out to that person directly for confirmation – not by email. It’s important to discover if there has been an email compromise, or if it’s just someone faking the sender.
An additional consideration, which has come up more often lately, is that people are more and more likely to receive and respond to email on their smartphone or tablet. This is particularly dangerous for phishing emails, because phone screens have limited space, so a lot of data is often hidden for convenience. With a touch-screen, you can’t easily hover over a link to see where it goes, because when you tap the link, it opens. Often, email headers are hidden and only the names of the sender and recipient are visible.
What should you do if you realize too late that a message might be suspicious? The response is going to be, surprisingly, the same: first, inform all of the appropriate people. There are recommended procedures on how to respond to risks of identity theft. If you believe your password is at risk, you should change your password. (We have a newsletter speaking about password safety – check it out!) Run security scans using your favorite software apps (we like Malwarebytes, either the free or pay version).
Being prepared and being aware are the greatest tools in your defense. A very useful guide for spotting phishing emails, created by KnowBe4, can be found here.
Tom Grundig – (925) 528-9081 – Tom@grundigit.com