You may have heard of something called phishing, but don’t confuse this with your dad’s cottage hobby; what you catch from phishing is not nearly as exciting. Phishing is a type of scam that criminals are using to steal money from you. They accomplish this by installing malicious software on your computer and by stealing your personal data.
So what does a phishing email look like? Here are some common things that you can spot in these fraudulent emails:
The “From” field might show an email address you don’t normally communicate with. The email can be from someone outside of your work organization and not related to your job responsibilities. The sender’s email can look like it’s from a suspicious domain. It could be an unexpected or unusual email with an embedded hyperlink or an attachment from someone you haven’t communicated with recently.
The “To” field might include a mix of seemingly random people from your organization or a list of unrelated addresses. You might have been cc’d on an email to one or more people and you don’t personally know any of the other people.
The “Subject” field could be a subject line that is irrelevant or does not match the message content. The email message might be a reply to something you never requested or sent.
There could be an attachment that was not expected or makes no sense in the context of the email message. A big red flag is the hyperlink that is attached. To test the legitimacy of a link, hover over the hyperlink. If the address looks strange or is for a different website, that’s a bad sign.
The hyperlink or content may also be a misspelled version of a known website—for example, using facebonk.com instead of facebook.com.
If the hyperlink seems illogical, forward, or asks you to look at embarrassing or compromising pictures of someone you know, these are all red flags.
If the hyperlink is threatening in nature and asks you to click on a link or attachment to avoid a negative consequence, that’s also a red flag. However, it could sound very beneficial as well: “Click here to get a free TV”. Basically, if it sounds too good to be true, it probably is.
The email could be full of grammatical or spelling errors.
These emails can look like they are from a legitimate company or website, or they could look like they came from your CEO. They might use logos, names of companies, names of departments or job titles that appear to be real. Check if the company name is spelled correctly. Also, if the email appears to come from a name you personally know, check whether the email address is actually their correct one.
Don’t:
- Open any email attachments that end with: .exe, .scr, .bat, .com, or other executable files you do not recognize.
- Click an embedded link in a message without hovering your mouse over it first to check the URL.
- Respond or reply. It’s better to just delete the email.
- “Unsubscribe” – it’s better to delete the email than to deal with the security risk.
Do:
- Check the email “From” field to validate the sender is actually someone you know or from a correct email address.
- Check for a “double-extended” scam attachment. A text file named “safe.txt” is safe but a file called “safe.txt.exe” is not.
- Report any suspicious emails to your IT department.
- Report any suspicious emails to the Canadian Anti-Fraud Centre.
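The hover check, the misspelled-domain check and the attachment checks above can also be run automatically over a raw message. The following Python is an added example, not part of the original article; `KNOWN_DOMAINS`, the 0.85 similarity cutoff (via the standard library's `difflib`) and the sample message are assumptions constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from urllib.parse import urlparse

EXECUTABLE_EXTS = {"exe", "scr", "bat", "com"}  # extensions named in the list above
KNOWN_DOMAINS = ["facebook.com"]                # assumption: sites you really use
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)

def bare(host):
    host = (host or "").lower()  # normalise case, then drop a leading "www."
    return host[4:] if host.startswith("www.") else host

def check_attachment(filename):
    """Return 'double extension', 'executable' or None for an attachment name."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    return "double extension" if len(parts) == 3 else "executable"

def check_link(href, text):
    """Compare where a link really goes with what its visible text claims."""
    host, flags = bare(urlparse(href).hostname), []
    shown = SHOWN_RE.match(text.strip())  # only set when the text itself looks like a URL
    if shown and bare(shown.group(1)) != host:
        flags.append(f"text shows {bare(shown.group(1))} but link goes to {host}")
    near = difflib.get_close_matches(host, KNOWN_DOMAINS, n=1, cutoff=0.85)
    if near and near[0] != host and not host.endswith("." + near[0]):
        flags.append(f"{host} is a lookalike of {near[0]}")
    return flags

def scan(raw_email):
    """Return the red flags found in one raw message (HTML links and attachments)."""
    flags = []
    for part in message_from_string(raw_email).walk():
        name = part.get_filename()
        if name and check_attachment(name):
            flags.append(f"attachment {name}: {check_attachment(name)}")
        if part.get_content_type() == "text/html":
            for href, text in LINK_RE.findall(part.get_payload()):
                flags += check_link(href, text)
    return flags

# Constructed sample message for illustration, not a real email.
SAMPLE = (
    'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\nContent-Type: text/html\n\n'
    '<a href="http://facebonk.com/login">www.facebook.com</a>\n--b1\n'
    'Content-Disposition: attachment; filename="safe.txt.exe"\n\nplaceholder\n--b1--\n'
)
```

Calling `scan(SAMPLE)` returns three flags: the link text does not match its destination, the destination is a near-miss spelling of a known domain, and the attachment has a double extension.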
Trust your gut if the email seems odd; question it. If it looks like it came from someone you know, speak to the person in a different form of communication, maybe face to face or by phone to confirm the legitimacy of the email. Speak to your IT department before you click on the link or attachment. When in doubt, just delete the email.
It’s awful when it happens, but with these tips and tricks, you can stay safe from the nasty phishers out there. It’s more important than ever to stay vigilant about your online security and stay skeptical whenever confronted with suspicious emails. We hope these tips help keep you and your family safe online!