One of the most common ways computer viruses spread is through email. Most of the malware-carrying messages are caught in your account’s spam filter, so you don’t have to worry about those. It’s the malicious emails that make it to your inbox that you need to be mindful of, and phishing emails are by far the most dangerous.
What makes phishing emails so effective is that they use trickery to get a user to open the message and download the virus-ridden attachment. Even the brightest PC user can fall victim to a phishing email, especially when the scam touches on a topic that you care about, like issues with your bank account, an expected package in the mail, starving children, or perhaps even your dating success.
A phishing email will disguise itself as originating from a trusted source, and hackers go to great lengths to make the message look like the real deal. Unless you know specifically what to look for in a phishing scam, it’s easy to fall for one.
Here are four things to look for in a phishing email that will save you from downloading a virus.
The Email is Unsolicited
A legitimate organization would never send out an unsolicited email asking users for personal information. Likewise, a real company would never send out an unsolicited email asking you to download an attachment. Even if the message looks real, understand that if it’s unsolicited and is asking something of you (or even threatening you), then it’s a scam. If you think there’s a chance the message is from a trusted organization, you can double-check by calling the company about the email, using the phone number from your records, not the one provided in the email.
The Email Contains Phony URLs
A legitimate email will contain URLs pointing back to the company’s official website, and a trusted website will often have a name that’s straightforward, like http://www.totalnetworks.com. A hacker may go so far as to set up a malicious website at a URL that looks similar, like TotalNetworks.ComputerVirus.com, so be sure to take a hard look at the URL before clicking on it. When in doubt, type the URL into a search engine. If it’s a scam, then there will be red flags all over the first page of search results.
The URLs Are Mismatched
Another URL scam technique to look out for is a URL displayed in the message that doesn’t match the actual link behind it. Hackers will often type a legitimate URL in the message, and then hyperlink it to their malicious website. You can check where the link really goes by hovering over it with your cursor. Depending on which browser you use, you should see the linked URL displayed at the bottom of the screen. If the address doesn’t match, then it’s likely a scam.
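The hover check above, together with the look-alike domain check from the previous section, can be automated for an HTML message body. This is an added example, not part of the original article; TRUSTED, the helper names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "totalnetworks.com"  # assumption: the domain you expect the sender to use

def host_of(text):
    """Return the hostname in a URL or bare domain (without 'www.'), else ''."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""                    # ordinary link text such as "Click here"
    if "://" not in text:
        text = "http://" + text      # let urlsplit parse a bare "www.example.com"
    host = (urlsplit(text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""

    def handle_data(self, data):
        if self.href is not None:    # inside an <a>: collect the visible text
            self.text += data

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, real = host_of(self.text), host_of(self.href)
        if shown and real and shown != real:   # displayed URL differs from the target
            self.findings.append(("mismatch", shown, real))
        # trusted name used as a label in front of somebody else's domain
        if TRUSTED.split(".")[0] in real and not belongs_to(real, TRUSTED):
            self.findings.append(("lookalike", TRUSTED, real))
        self.href = None

def audit(html_body):
    parser = LinkAudit()
    parser.feed(html_body)
    return parser.findings

# Constructed sample body, not taken from a real message.
SAMPLE = ('<a href="http://totalnetworks.computervirus.com/login">'
          'http://www.totalnetworks.com</a> <a href="http://www.totalnetworks.com/">Home</a>')
```

Calling `audit(SAMPLE)` reports the first link twice, once as a mismatch and once as a look-alike, and leaves the second link alone.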
The Email Contains Poor Spelling & Grammar
It’s not difficult for a hacker to make a fake email that looks real. A common tactic is to manipulate a screenshot from an official email originating from a trusted source, like your credit card company. Where hackers fall short in their deception is in making the phishing email sound real. A large, professional company will hire educated people to handle communications, and even have an editing process in place to catch grammatical errors. Hackers will often lack writing skills, especially if English isn’t their first language.
It’s vital that every employee in your company is trained to spot an email phishing scam. For example, CryptoLocker (one of the Internet’s most wicked viruses) is most commonly spread through phishing emails. It is ransomware that encrypts all of your data, locks you out of your PC until you pay the hackers ransom money, and deletes your data if you don’t pay up.
Your IT staff can help protect you from nasty attacks like CryptoLocker and other phishing scams by arming your company’s network with a Unified Threat Management (UTM) tool, and your email inbox with a spam filter. These solutions can provide your business with a strong firewall that will filter out phishing emails and block malicious websites, but even the best security solution will fail if users are uneducated about how to spot a scam.
These are four of the biggest giveaways that you’ve got a malicious email on your hands. There are several other traits of a scam that you need to be on the lookout for; please give me a call if you have concerns or want to learn more about how to keep your business safe from the web’s worst scams.