Securing Your Inbox
Welcome back to Part 2 of our three-part series on how you can protect your personal and business data from unscrupulous online scammers, hackers, and other cyber threats. You can read Part One here and, soon, Part Three.
Today we’re talking about your inbox.
When a fraudster tries to get into your computer or gather confidential information by way of email deception, it is called phishing (a play on “fishing for someone to bite”).
Who’s sending this email?
Phishing emails can look very authentic nowadays; the email can have the correct company letterhead, fonts, and signature, and it can look almost identical to official emails.
The “big red flag” in this scenario is in the “Sent From” area of the email.
Here is an example of an email sent in bad faith that at first glance looks legitimate. Customer details have been boxed out in purple.
Let’s take a closer look at the email address in the header of the email.
Notice how it’s NOT from Microsoft, but from “novica.com”?
There are two ways you can check the “From” section to determine if you should trust a sender or not.
- Make sure the email is coming FROM the organization it purports to be. Microsoft emails will always have “Microsoft” or “ms” in their name, always. This is true for all companies: their name is going to be in the address somehow, always.
- Even when they do include their company name, make sure the address is spelled correctly. Sometimes fraudsters will add or drop a letter in a way that is not noticeable at first glance. For example, “@thomsonreuters” (correct) will be slightly misspelled to say “@thompsonreuters” (incorrect).
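The two checks above can also be automated. The following Python sketch is an added example, not part of the original article: it reads the domain after the "@" in a From header, compares it with a list of trusted domains, and flags near-misspellings. The trusted list, the sample headers and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this mailbox really does business with (constructed list).
TRUSTED_DOMAINS = {"microsoft.com", "thomsonreuters.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: letters added, dropped or substituted."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Return trusted, lookalike, brand-mismatch, unknown or unparseable."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return "unparseable"
    domain = address.rpartition("@")[2].lower().rstrip(".")
    # Check 1: the part after "@" must be a trusted domain or a subdomain of one.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    # Check 2: a letter added or dropped leaves a domain one or two edits away.
    # Simplification: the last two labels are treated as the registered domain.
    base = ".".join(domain.split(".")[-2:])
    if any(edit_distance(base, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike"
    # The display name is free text, so a brand name there proves nothing.
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if any(b in display_name.lower() for b in brands):
        return "brand-mismatch"
    return "unknown"

if __name__ == "__main__":
    # Constructed headers; only the novica.com domain comes from the article.
    for header in ("Microsoft account team <security@novica.com>",
                   "Billing <billing@thompsonreuters.com>",
                   "Microsoft <account@email.microsoft.com>"):
        print(f"{classify_sender(header):15} {header}")
```

This looks only at the visible From address, which a sender can forge outright, so a "trusted" result still depends on the mail server's SPF, DKIM and DMARC checks having passed.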
Can’t tell? Just forward emails to helpdesk@terrapin.tech and ask us to check the veracity of anything suspicious. Don’t click on any links or buttons in the email; just forward it to our Helpdesk and we’ll let you know if you can trust it or not.
Changing credentials
Another common phishing tactic is to ask for credential changes. No legitimate company is going to randomly email you telling you to click a link to change your password (as in the case of the above email!).
Credential changes can only be prompted by you, the end-user. Never change your username or password through a link in an unsolicited email, under any circumstances, even if the email looks like it legitimately comes from a company.
Dangerous attachments
The final sneaky tactic scammers use in your inbox is sending attachments. Hidden in the attachment is a line of code that can cause massive disruption to your network system; more insidious still, this code can sometimes lie dormant in your system, gathering info without you noticing.
The easiest way to prevent this type of scam is to only open attachments from senders you’ve vetted and trust, and whose attachments you have been expecting.
That’s it for today! Next up in this series: Navigating “Take Control” with Remote In.