Email scams are serious business, but there are some things you can do to protect yourself from email hacks and phishing scams. Here's what to do to prevent an account breach, plus how to fix the situation if you find you've been hacked.
That Off-Brand Taste
Here’s the scenario: You get an email from a familiar friend. It’s asking you to check out a file they just sent you, visit a website they want you to see, or maybe even watch a funny video they ran across. You trust them, so you do as they ask. You click away.
You’re transported to a site that feels familiar but oddly “off.” (It’s like the feeling you get when you’re eating a bowl of cereal that doesn’t taste quite right, and it isn’t until you turn the cereal box around that you realize you’ve been eating “Fruit Rings.” You cough and sputter your mouthful of half-chewed breakfast across the cartoon drawing of Parrot Pete on the front. You feel betrayed.) That’s the same feeling you have as you stare at your computer screen. It’s subtle though, and let’s say you’re checking this email account early in the morning, you’re in a rush, or maybe you just aren’t paying close enough attention, so you blindly keep clicking.
The site politely requests you to sign into your account. You think nothing of it. You type in your email and password and click “enter.”
Uh-oh. You’ve just been phished.
Phishing the Day Away
So, what exactly is “Phishing?”
A phishing scam is a way of hacking into your accounts, typically designed to trick a user into giving out personal information or installing malicious software, or even to take money. It can take many forms, including emails, phone calls, letters, or even websites.
A Phish Out of Water
Last week, one of Infomedia’s employees was the victim of a phishing scam. As many of our clients know, the employee’s email account began sending out emails by the dozens to everyone in their contact list. Unfortunately, that contact list included every Infomedia client we currently have.
At a mere glance, the email seemed harmless enough.
Like many phishing emails, everything appears to be legitimate. This email attempts — and pulls off very well — to look like an email coming from Dropbox, a popular file-sharing site. It has everything: The Dropbox blue that they’re well-known for, a warning about the file expiring soon, and even a nice little signature from the Dropbox Team themselves. Who wouldn’t want to click that button?
So, you do. You click the button and end up at a site that looks vaguely like Dropbox. How convenient! They now allow you to log in with any email address you like!
But by entering your login information, you give the scammers free rein of your email account … and become another statistic.
The good news is, just like the bowl of knock-off cereal, there are typically tell-tale signs that an email or website isn’t exactly what you think it is.
How to Detect that “Phishy” Taste
- The URL doesn’t seem right — One of the fastest and easiest ways to tell if a link/button is taking you somewhere other than what’s being advertised is the URL of the link itself. Most modern browsers will display exactly where a link will take you by simply hovering over it. When hovering over a link, look at the very bottom left-hand corner of the browser to see a small pop-up of where the link leads.
In the instance of the Infomedia email, the big blue button led to a site that wasn’t dropbox.com. The site has since been taken down, but in the best interest of protecting everyone, we won’t post the URL here (just trust us, it wasn’t dropbox.com).
In case you are unable to see the URL in the small pop-up, always make sure you at least check the URL in the address bar of your browser once you have finally clicked the link/button. If the address seems questionable, close out of it immediately. Above all, remember to never enter any personal information into a site you aren’t 100% sure is genuine.
- Spelling and grammar — Typically, an email coming from a reputable source such as Dropbox, Google, Facebook, your bank, or any other large company will be well-written and well-thought-out. If the email you receive has misspellings, poor grammar, or overall doesn’t make sense, then the chances are high that it could be a phishing attempt.
- Strange file attachments — If you receive an email with an attachment, always make sure you know exactly who and where that attachment is coming from. By opening certain files, you may not only open up your own email account to attacks, but you could also be exposing your entire computer, network, or company.
Especially keep an eye out for files ending in: .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, or .php. These types of files are known as “executable files” and can carry malicious code that could very easily compromise anything and everything tied to your system.
- A Request for Personal Information — The end goal of any phishing scam is to acquire some type of personal information. So, even if you feel the source of an email or website is safe, always think twice before giving out any sensitive information that you wouldn’t want someone to get their hands on. This includes things such as: logins, passwords, bank account details, Social Security numbers, etc.
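For readers who want to automate the URL and attachment checks above, here is an added example (not part of the original article and not Infomedia's code). It parses a message, flags links whose host is not the expected domain or a true subdomain of it, and flags attachments with the extensions listed above. The sample message, the `example.test` lookalike host and all function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attachment extensions the article says to watch for.
RISKY_EXT = (".exe", ".bat", ".com", ".vbs", ".reg", ".msi", ".pif", ".pl", ".php")

class LinkCollector(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_matches(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected_domain):
    """Return (links not on expected_domain, risky attachment names)."""
    msg = message_from_string(raw, policy=policy.default)
    bad_links, bad_files = [], []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            bad_files.append(name)
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            bad_links += [h for h in collector.hrefs
                          if not host_matches(urlsplit(h).hostname, expected_domain)]
    return bad_links, bad_files

def sample_message():
    """Constructed sample: Dropbox-styled mail with a lookalike link."""
    m = EmailMessage()
    m.set_content("View your file")
    m.add_alternative('<a href="https://dropbox.com.files.example.test/login">View file</a>\n'
                      '<a href="https://www.dropbox.com/help">Help</a>\n', subtype="html")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_string()

if __name__ == "__main__":
    print(check_message(sample_message(), "dropbox.com"))
```

The comparison is on the parsed hostname rather than a substring search, which is why a host that merely starts with `dropbox.com` is still flagged.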
What to Do after You’ve Been Phished
So, you’ve been phished. They tricked you into giving out some kind of information you shouldn’t have, and now the angry emails from your friends and co-workers come pouring in. It happens to the best of us.
If you’ve been the victim of a phishing scam, there are a few things you should do to not only help remedy the problem, but also help stop it from happening again.
- Change your password — The first thing you should do is change your password. This is the easiest, and sometimes most effective, way of stopping a phishing attack. Without access to your account, the scammers will be unable to continue using your email account as their own personal email-bomb service.
- Virus and Malware Scan — Just in case something has been installed on your system without you knowing, it’s best to go ahead and run a Virus or Malware scan. There are a lot of great, free products out there that can help. Here are just a few:
- Notify the Person/Company — Sometimes the person you received the original scam from may not even know they were scamming you. By alerting them to the issue, it not only could save countless others from falling into the same pitfall as you, but can also help them prevent the issue from occurring again.
In the end, the Internet can be a scary and dangerous place at times. So always keep a keen eye and remember to protect your passwords and your personal information — doing that will help you protect everyone on your contact list as well.