Just when you think you’ve seen it all — the scammers take it up a notch.
Over the years, I’ve watched how those with nefarious motives have evolved to try and trick email recipients for various reasons. Some want to infect your computer, others want your data, then there are those that just want to sell you something.
Phishing has become something most of us are aware exists. It is not uncommon to have a company or business let you know when they find out about phishing emails using their brand to trick others.
But boy are these guys getting sophisticated. This requires that you up your game and become even more vigilant, including taking a couple of extra moments to double-check a few things before clicking on anything.
Paying Attention to Email Details
The primary reason people get caught in these phishing nets is that they are not paying attention to details: details that can indicate that the email is not from who it appears to be, or not about what the sender wants you to think it is.
When I talk about sophisticated, I mean that these folks are very clever and know what they need to do to fool you. They can make emails look exactly like they are from your bank. Or a company you do business with. Logos, verbiage, colors and all.
So if the email looks almost identical to those you are receiving from legitimate sources, how do you identify the fakes?
Underlying Email Address
You can put any address in the email from field within your email program. You have total control of what is displayed to the person you are sending to.
What displays is not always reflective of the underlying email address. Mouse-over or view the underlying address in the from field to see if it in fact is the dot com of the perceived sender.
If that address doesn’t line up with the email content, delete.
Links that Go Elsewhere
Within these emails are links and calls to action directing you to a website to log in, get details or even sign up. The link text displayed in the email shields the underlying URL. The same applies to graphical “buttons” or images.
Always mouse-over the linked text or button to view what displays in your email program to make sure there is a legitimate URL underneath. And these guys are even good at entering URLs that are similar at a glance, but not the actual URL of the entity they are spoofing.
Let’s use Amazon as an example:
- https://amazon.com — Good
- https://www.amazon.com/ — Good
- https://www.amazon.com/something-after — Good
- https://something-before.amazon.com/z/tc/?l=PV0vY&m=….. — Good
- https://amazon.hoaxdomain.com — BAD
- https://www.hoaxdomain.com/amazon — BAD
A good rule of thumb: if you do not see the company name directly in front of the .com, you can bet something “phishy” is going on and you should NOT click the link. Also be cautious of other domain extensions.
Nowadays there are tons of TLDs (top-level domains) available, for hobbies, countries and more. Even with all that, a company rarely uses a different TLD in its email links when its primary is .com. That is one clue of many to take notice of.
Don’t fall for similar domains that have the company name you are familiar with in them but are not the domain you trust. For example, things like amazonshipsfast.com or orderatamazon.com.
Both of which would be trademark infringement. Whoever is using those can expect to hear from Amazon’s legal team as soon as they are made aware. Using trademarked names in domain names can get you in big trouble with the trademark holder, but since when do laws stop those who are trying to pull a fast one?
Targeting Online Sellers
A phishing scheme that’s becoming more common targets those who sell online. The schemers will send an email saying they are trying to order from your site but are getting errors: click this link to see the screenshot. The link takes you to a nefarious site.
Or you may get an email stating someone would like to do business with you, with a link that goes to a document of requirements they are looking for. Here again, be very leery.
If you don’t know the sender — don’t click. If they want to send you info, ask them to simply copy-n-paste their requirements in an email to you. No links.
Be Cautious of Strangers
The best advice is to not trust emails from folks you don’t know that just so happen to land in your inbox. If the email address is not recognizable or uses a throwaway account like Gmail, Hotmail or Yahoo, for example, just delete. Legitimate businesses do not use these services; they use their .com.
Crooks and scammers are counting on you not doing the things I mentioned above, all as a means to their end. If something doesn’t seem right or legit, it most likely isn’t.