I was hoping not to have to write this blog. I thought I would be retired by now. You see, I received an email from a Prince in a country I can’t even pronounce. He was in a jam and wanted to transfer his kingdom's wealth to me. All I had to do was hold the money for him until he was safe, and he would pay me 1 million dollars for my trouble! Of course, he needed my bank account and social security numbers in order to make the transfer. Seemed like a win-win to me…
I can’t believe it has come to this, but these days it is scary to open emails. Who knows what lurks behind those links? Malware, viruses, CryptoLocker, and a whole host of other dreadful things can follow if you click on the wrong link.
IT companies like Technology Pointe keep the bad guys out and protect your systems by putting up firewalls and installing anti-virus programs along with a lengthy list of other protection devices. The bad guys know this, so they go after an easier target, the end-user. When you hear stories in the news about large chain stores getting their network “hacked”, that is rarely what happened. The real story is that the attackers were let into the systems by end-users who inadvertently installed malicious code and opened the door for them.
So, what can you do? I am going to reveal to you a few tricks we use to validate whether emails are real or fake. There is no way for me to give you an absolute guarantee this will catch all fake emails, but it will certainly show you how to spot and stop most of them.
There are three things you will want to remember if you are questioning if an email is real:
- Identify the sender
- Screen the links
- Never trust attachments
To verify that the sender is who you think it is, the only component of an email address that matters is the section after the @ sign. This part of the email is called the “domain” and that cannot be faked. Everything else, including the name of the sender, can easily be changed to try to fool you. Glenn.Iltis@tech-pointe.com tells you that tech-pointe.com is the domain name. Bad guys hope to fool you by sending you an email from email@example.com hoping you don’t know the difference. They add the tech-pointe domain name into the email address but as you can see, the actual domain is @gmail.com.
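The sender check described above, as an added example in Python (not code from the original post): it pulls the domain out of a From header and flags addresses that only mention the expected domain before the @ sign or in the display name. The sample headers are constructed, the function names are illustrative, and the code assumes the From header shows the address the mail really came from.

```python
from email.utils import parseaddr

def split_sender(from_header):
    """Return (display name, local part, domain) from a From: header value."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    return display, local.lower(), domain.lower()

def check_sender(from_header, expected_domain):
    """Classify a sender against the domain you expect mail to come from."""
    display, local, domain = split_sender(from_header)
    expected = expected_domain.lower()
    if domain == expected:
        return "match"
    # The expected name appears only where it does not count:
    # in the display name or in the part before the @ sign.
    if expected in display.lower() or expected in local:
        return "lookalike"
    return "other"

# Constructed From: headers, built around the article's tech-pointe.com example.
SAMPLES = [
    "Glenn Iltis <Glenn.Iltis@tech-pointe.com>",
    "Glenn Iltis <glenn.iltis.tech-pointe.com@gmail.com>",
    '"tech-pointe.com Support" <helpdesk@gmail.com>',
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header, "tech-pointe.com"), "|", header)
```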
You ALWAYS want to screen a link before you click on it, even if it is from a sender that you have verified. If malware finds its way onto your friend’s computer, it can pull information from their contacts list and send you emails hoping you click the links and infect your PC. It then pulls information from your contacts list and sends those infected emails to all your friends. And on it goes.
To screen a link, simply hover over the link with your mouse without clicking on it. When doing this, you can reveal where that link is going to take you. It works whether you’re on a Mac or a PC. It works whether you’re in Outlook or in Chrome. It will work almost anywhere you see a link to a website. The box that pops up might appear near the cursor, at the edge of the screen, or anywhere else, but it will pop up somewhere - look for it.
Here is an example. Move your mouse over this link but do not click on it. You see that the link shows it is pointing to http://google.com, but when you move your mouse over the link, the real URL displays malicious-code.com. (Don’t worry, I made up the fake website. It won’t harm your computer if you accidentally click on it.) It is extremely easy to rename links, so always be on the lookout for them.
This also applies to icons associated with links. If you see an icon in the email like the one below, hover over it to view the address where it is actually taking you.
Like email addresses, the domain of a link is the only thing that cannot be faked. The domain is the last two segments surrounding the final dot. All other text can be ignored.
Below are a few more examples. Again, you are looking for the last two segments surrounding the final dot. Always remember, if you don’t trust the website, don’t click on the link!
Never Trust Attachments
Do not trust attachments! You should never open an attachment without knowing what you are opening. Clicking on an unknown attachment could compromise your safety and that of your peers. Just like domains that end in .com or .net, attached documents have file extensions. Most spam filters will automatically strip out file attachments that run programs, but if you see an attachment that ends in .exe, .bat, or .js, never open it. These types of file extensions will execute or run scripts as soon as they are clicked on. Other extensions you want to be extremely careful with are .docm and .xlsm. These indicate that the file has macros in it, and such files can be just as dangerous as an .exe file.
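The extension rules above as an added example (not from the original post): it walks the attachments of a constructed message and classifies each by its final extension, ignoring case, so a name like Invoice.pdf.EXE is judged by .EXE. The category names and sample filenames are illustrative.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

RUNS_WHEN_CLICKED = {".exe", ".bat", ".js"}  # the article: never open these
MACRO_ENABLED = {".docm", ".xlsm"}           # the article: can carry macros

def classify(filename):
    """Judge a file by its final extension only, ignoring case."""
    ext = PurePosixPath(filename.strip().lower()).suffix
    if ext in RUNS_WHEN_CLICKED:
        return "runs-when-clicked"
    if ext in MACRO_ENABLED:
        return "macro-enabled"
    return "not-on-list"  # still unknown, not a verdict of safe

def screen_attachments(msg):
    """Return (filename, category) for every attachment in the message."""
    return [(part.get_filename() or "", classify(part.get_filename() or ""))
            for part in msg.iter_attachments()]

def build_sample():
    """Constructed message with placeholder attachment bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Past due invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("Invoice.pdf.EXE", "report.xlsm", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for row in screen_attachments(build_sample()):
        print(row)
```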
Finally, read the email and ask yourself if the subject matter makes sense. Receiving an email that your Netflix bill is past due when you don’t have an account with them or that an invoice is past due from a company that you don’t do business with are red flags. Also, if the email is from someone you know, but the text does not sound like the way they would write, be leery of any links or attachments.
Additionally, if you have any questions about whether an email is real or fake, forward it to your IT company. They should be able to confirm its validity. IT companies would much rather take the time to verify the legitimacy of an email than restore your systems in the event of an attack.