There are more emails being sent around the holidays than ever before. Not to mention that online shopping increases year over year. This past week has been evidence of that!
I don’t know about you, but I was to the point that anything that had Black Friday or Cyber Monday in the title, I just started deleting. E-mails touting early sale access, then the countdown, then the actual sale. Followed by several last-minute “you only have a couple more hours” emails. Only to get another email that the sale has been extended — in many cases for another week!
It is just plain exhausting… And we still have another month of this ahead.
With that extra activity combined with a rushed attention span, hoaxsters know how to take advantage of the fact that folks are pressed for time, overwhelmed and not paying attention as they should. Hoax emails are disguised as order confirmations, financial alerts and “feel good” forwards so that they are more easily propagated.
Phony order or invoice emails claim to need your immediate attention and look just like the real thing. Your first instinct is that something isn’t right, but the verbiage seems to imply this is something you need to check out — right now!
Don’t do it. First, let’s check out the little details.
Before forwarding any email, or clicking on any links within it that claim to be important, you need to vet that email. Making sure it is not a hoax or a scam before reacting is worth the little bit of extra effort.
Don’t Click “Phishy” Links!
Phishing is the practice of luring unsuspecting Internet users to a fake website by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack. It also covers the creation of a website replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords.
If you do not recognize the sender, do not click on any links. Even if the email looks like it may be legit, you still need to double-check whether the clickable links are valid, no matter what the Subject: field states or the message implies. Hoaxsters have become pros at making emails look like they are from legitimate contacts or companies (UPS, Amazon, PayPal, financial institutions, etc.).
Before clicking on any link, hover your mouse over the link. Look to see what displays in the location bar of your email software. The visible text can be different from the actual underlying link in the background code. When you hover over the link, you should see the actual underlying link right below your email message.
When you can see where that link takes you, you can immediately determine if the link could be trouble. Hoaxsters are very clever at making the underlying URL look legit(ish) too.
Here’s How to Investigate Underlying Link Code
Let’s use Amazon as an example:
- https://www.amazon.com/ — Good
- https://www.amazon.com/something-after — Good
- https://amazon.hoaxdomain.com — NOT Good
- https://www.hoaxdomain.com/amazon — NOT Good
A good rule of thumb: if you do not see the company name directly in front of the .com, you can bet something “phishy” is going on, and you should NOT click the link. And don’t fall for similar domains that have the company name in them but are not the domain you trust, for example things like amazonshipsfast.com or orderatamazon.com.
Simply having the company name in a variation of the primary domain name can be trouble too! Using trademarked names in domain names can get you in big trouble with the trademark holder, but since when do laws stop those trying to pull a fast one?
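The rule of thumb above, written out as an added example (not part of the original article): it pulls every link out of an HTML email, compares the visible text with the underlying address, and accepts a link only when its host is the trusted domain or a subdomain of it. The sample message is constructed from the article's own example addresses, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "amazon.com"  # the domain you know and trust (the article's example)

# Constructed sample email body, built from the article's example links.
SAMPLE = """
<p>Order problem: <a href="https://amazon.hoaxdomain.com/">https://www.amazon.com/</a></p>
<p><a href="https://www.hoaxdomain.com/amazon">View invoice</a></p>
<p><a href="https://www.amazon.com/something-after">Your orders</a></p>
<p><a href="https://orderatamazon.com/">Track package</a></p>
"""

def link_host(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlsplit(url.strip()).hostname or "").rstrip(".")

def is_trusted(url, trusted=TRUSTED):
    """True only when the host IS the trusted domain or a subdomain of it."""
    host = link_host(url)
    return host == trusted or host.endswith("." + trusted)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from the <a> tags of an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # only keep text that sits inside a link
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def vet_email(html, trusted=TRUSTED):
    """Return one dict per link: where it really goes and whether to trust it."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for text, href in parser.links:
        shown = link_host(text) if "://" in text else ""  # text that looks like a URL
        report.append({"text": text, "host": link_host(href),
                       "trusted": is_trusted(href, trusted),
                       "mismatch": bool(shown) and shown != link_host(href)})
    return report

if __name__ == "__main__":
    print(*vet_email(SAMPLE), sep="\n")
```

The comparison is on the whole host, so a company name that appears as a subdomain, in the path, or inside a longer domain name does not count as a match.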
How do you know if a domain name is legit?
You can look it up! If the Registrant, Admin and Tech contacts do not match that of the primary domain, you know to just hit delete. Some domain owners have privacy services blocking that info — in that case compare the record to that of the domain name you know and trust. They should match identically — if they don’t, well you know what to do.
If you see a link with .php/.js/.asp, actually if you see anything tacked on the end other than a typical domain ending, that’s a “Danger, Will Robinson!!” moment! That email could lead to a page that most likely has a trouble-making script of some sort.
The last thing you want to do is forward emails containing nefarious links that the people on the other side might click on. When you forward something, the recipients are going to trust that you wouldn’t send them anything that wasn’t reliable, right? If you don’t want to take the time to confirm an email’s legitimacy, then you don’t forward — just hit delete.
Hoax Vetting and Info Websites
While there are websites that claim to be truth detectors and hoax exposers — some are not what they say either! Here are a couple sites I can confidently recommend to check out email claims before you embarrass yourself by forwarding them “to everyone you know”.
- Hoax Slayer
- Truth or Fiction
- McAfee’s Virus Hoaxes
- Avoiding Social Engineering and Phishing Attacks
- Symantec Risks