Is your Email Suspicious?
Sunday, July 21, 2019
Nowadays we are so familiar and comfortable with gadgets like cellphones and iPods that we take them to the breakfast table. We take them on the bus. We take them to bed, and we even take them to the bathroom with us. There’s no place that’s off limits, and we inherently trust this technology, or place a lot of faith in it working, because many of the early-generation bugs have been worked out of these systems and they are seen as more reliable. It was only a few years ago that people were worried about computer crashes, lost programs, or electrical failures and glitches, but now our cellphones and equipment have almost a whole day of uptime.
And it’s important that they function correctly 24/7 considering we do so much on them in terms of computing power, communications, and editing.
The one place that is even more fraught with danger is any internet connected operation such as web surfing or something that’s as simple as reading texts and email.
Here are some things to do to prevent being phished and scammed through email.
1) Take it offline. First off if you suspect something is not right with the email then try to reach out to the person through other means like phoning the person. Or if you got the transmission some other way like fax you might want to contact the person in a more personal way. If you don’t know the person sometimes you may have to make a visit to the individual also.
2) Links in suspicious emails should never be clicked or opened. They can open a flood of malware, popups, Trojans or hijack your computer.
What are some ways you can tell a message is odd online?
1) The message was unsolicited or unexpected. You don’t know this person or have never received a message from them before.
- Sometimes there may be [SPAM] added by an email blocker already.
- The message may try to sell you some product or service that you don’t actually use.
- The message may have already been caught by your email filters and sent into your Junk folder.
- There is no Subject or From line
- It seems unusual or addressed to a group that you’re not subscribed to
- The Subject line is urgent or threatening, or maybe makes you curious to open it or tempting to click.
2) There are a lot of grammar mistakes in the email, with unrelated, inappropriate or irrelevant text, or perhaps the length of the email is odd.
3) The content in the email is questionable.
- It may have adult references or ask you to do something that may not be appropriate.
- May ask for personally identifiable information like SSN and birth date information.
- It may offer you something of a financial nature like an inheritance, a loan, lottery or prize winnings or a job offering.
- The information asks you to do it as soon as possible or “act now”.
- Emails with clickbait may have incredible, unbelievable headlines that sound too good to be true.
4) The links may have a different actual destination than where you think they are going.
- Sometimes if you hover your mouse over a link but not actually click on it, there will be information that tells you where that link may go to
- The link may also not have a normal domain suffix and may try to send you outside your country or work organization with a redirect.
- Also the link may have a domain that’s not the same as your email domain. For example you might be Sally@workplace.com but the link is to www.workplace.biz. Notice the difference? Very slight but could be potentially problematic.
- And the link may also masquerade with text that’s purposely vague.
5) Beware attachments. Don’t get complacent.
You might see an email that’s not the appropriate size for the kind of email. Maybe too big or small or wrong attachment type.
And again it might not be clear what’s being sent. According to Phishingbox.com “66% of malware is installed via malicious email attachments”.
Everyone needs to be vigilant about security, and it can’t happen alone. Think of it this way. You can have your passwords at the maximum length with upper and lower case characters, special characters and numbers, use two factor authentication, and have all the safeguards in the world, but if you click on an email you expose your system to malware and bad actors. The same goes for data breaches. A person could, for instance, do everything correctly, shred all their financial paperwork and safeguard everything, but something beyond their control could still go wrong, such as a phishing scam that reaches their CPA, who accidentally releases the whole database to a scammer.
So knowing what you can do to protect your systems is part of the battle to safeguard your information and so you don’t compromise your system and in turn cause problems to others. Think of it like having a secret key or pass code to get in your building. That’s one part of the equation which is technical and essential but even security experts can’t do it all, you as a normal computer user and lay person also need to make sure you protect the pass codes and keys, lock everything up after you’re done and put things away to prevent someone from stealing your information due to exposure.
There’s an old saying, security through obscurity, that is also good to know. Don’t divulge all your secrets or everything that you know or possess, so that there’s no curiosity or desire to crack open the vault. Emails are just one part of cybersecurity.
Some other things you can do to protect your information from being stolen include:
- Using encrypted emails or PGP keys to reduce the risk that your information is exposed.
- Changing your email service password periodically to reduce the risk of someone breaking into your email.
- Check the site you’re on if you’re using an email service to make sure you’re not on a fake site.
- Reduce your online footprint and the information you put online to not be a victim of social engineering which is the act of deceiving a person to reveal sensitive information.
- Be careful of spam which is unsolicited ads and letters.
Never be complacent about security. Secure your workstation or laptop at all times with a security lock and remove your ID and keys when not using them. Be skeptical and on guard.
Make sure to read pop-up screens carefully to prevent clicking on something accidentally.
If you’re in a work environment then consider having your organization conduct periodic unannounced drills with fake emails to see how many people fall for phishing emails.
Another important thing is not to forward chain emails. This is one way of spreading Trojans and other viruses, because people do not suspect that a piece of malware may be riding inside the email.
Limit who you give your email address to. Safeguard your email address the same way you would your house keys.
These are just some ideas and tips to help you and your organization stay safe. Remember, nothing is foolproof and there’s always a chance someone could cause an inadvertent data leak, but with everyone being knowledgeable in safe data practices we can nip it in the bud and stop the spread of malware from going further unchecked.