The most common and highly successful scams on the internet are accomplished through a technique known as “phishing.” There is a plethora of information out there about phishing; the best place for basic research on its history and details is here (http://en.wikipedia.org/wiki/Phishing). Without becoming a phishing expert, learn the one tip below to become well armed and spot these a mile away.
- What is phishing? To put it simply, it is the process of trying to gain access to someone’s personal information by pretending to be a legitimate organization that the victim belongs to.
- How does it work? You know how you receive emails from services asking you to change your password or provide additional information? Oftentimes it is legit, but other times it’s not, and if you follow the link and fill in the forms, you are handing a thief some personal data.
- How can I spot a phishing scam? The subject of one of these emails usually matches the subject of a legit email you receive. A couple of the latest ones are from UPS, telling you there is a package waiting, and another is from Facebook, about your weekly update. Most email programs, Google’s Gmail especially, have very good spam filters, and these types of emails already end up in your junk folder. Yet some people may think they landed there incorrectly and remove them from spam. Don’t ever remove anything from spam unless you are 100% certain it does not belong there.
- Any other way to spot fake emails? If you are a little more technical, you can dig into some of the pieces of the email by looking at the header. In Gmail that is located in the “More” drop-down to the right of the “Reply” arrow. Just click “More” and then “Show Original”. Other programs may have an option that says “Show Header”. The very top portion of this header is what you are interested in, specifically the portion about SPF, DKIM and DMARC. Without going into more detail, these are some of the most important pieces of the email that the sender needs to have accurate, or else the message gets rejected or placed in junk. In the header each of them will be marked pass, softfail or fail. If they are a fail or do not even exist, chances are this email is bad. It’s not a guarantee; even legit organizations may not have properly formatted headers, but that’s their problem, not yours. The first thing I like to look for, though, is to make sure the domain matches the name in the “From” field on the email. The reason for this is that the “From” field can be spoofed very easily, since it’s basically just a label. In the header, however, the sender’s server has to attach its domain name, and in most cases the fake emails will not match.
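The header check described above, as an added example that is not code from the original post: a small Python script that reads the Authentication-Results header the receiving server writes, pulls out the SPF, DKIM and DMARC results, and checks that the domain those checks vouch for matches the domain shown in the “From” field. The sample message and every domain in it are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (hypothetical domains), not a real message: the From label claims
# "bank.example", but the receiving server's checks point at a different domain.
SUSPICIOUS = """\
Authentication-Results: mx.receiver.example; spf=fail smtp.mailfrom=bulk.mailer.example;
 dkim=fail header.d=bulk.mailer.example; dmarc=fail header.from=bank.example
From: "Example Bank Security" <alerts@bank.example>
Subject: Action required: verify your account

Please log in via the link below.
"""

CLAUSE = re.compile(r"^(spf|dkim|dmarc)=(\w+)")           # method=result at clause start
DOMAIN = re.compile(r"(?:smtp\.mailfrom|header\.d|header\.from)=([^\s;]+)")

def parse_auth_results(value):
    """Map each method to (result, authenticated domain) from an Authentication-Results value."""
    out = {}
    for clause in value.split(";")[1:]:  # first segment is the checking server's own id
        clause = clause.strip()
        m = CLAUSE.match(clause)
        if not m:
            continue
        d = DOMAIN.search(clause)
        domain = d.group(1).split("@")[-1].lower() if d else None
        out[m.group(1)] = (m.group(2).lower(), domain)
    return out

def check_message(raw):
    """Apply the post's rules: every check should pass, and the checked domain should match From."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    results = parse_auth_results(msg.get("Authentication-Results", ""))
    findings = []
    for method in ("spf", "dkim", "dmarc"):
        if method not in results:
            findings.append(f"{method}: missing")  # absent check counts against the message
            continue
        result, domain = results[method]
        if result != "pass":
            findings.append(f"{method}: {result}")
        # DMARC's header.from is the From domain by definition, so alignment is checked for SPF/DKIM
        if domain and method != "dmarc" and domain != from_domain and not domain.endswith("." + from_domain):
            findings.append(f"{method}: domain {domain} does not match From domain {from_domain}")
    return {"from_domain": from_domain, "suspicious": bool(findings), "findings": findings}
```

A message with no Authentication-Results header at all is reported with all three checks missing, which the post treats as a bad sign too.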
- What do I do if I accidentally responded to one of these info requests? First, do a complete scan of your computer. These fake sites can also push malware and viruses to your computer, so you want to make sure that is not the case. You do have anti-virus with internet security installed, right? I have personally always used Norton and I have some stories I can tell that will convince others to use it, but that’s for another article. Next, make a note of all the info you entered, log on to the accounts that may be compromised with that info, and change your passwords. It’s good to change your passwords regularly anyway, but in this case it should be done immediately. If any of the info is related to a financial institution, call your bank and your credit card companies and let them know this happened. They will do their part to add some extra security to your accounts.
As I said before, you can find a lot of info online to educate yourself about phishing scams, but I have a single rule of thumb that I personally use and tell everyone to use as well. It does not require learning everything you can about these scams and it goes like this…
Do NOT click links in emails that you can’t validate or that relate to sites holding your personal data. If you think your bank (or anyone) needs you to log in and change your password, and even for the emails that tell you a new bill is available, don’t do it through the email link; go directly to the website you normally use and log in through that process.