How to avoid falling for email scams – Yahoo Finance

Early one Sunday morning my editor, Yahoo Finance’s Erin Fuchs, checked her personal email and was surprised to have a message from PayPal (PYPL). The missive said she had recently changed her password, and asked her to call a phone number if that wasn’t the case.

It wasn’t, so Fuchs called. The email had come from a “service@paypal.com” address and included a link to the PayPal website. However, she immediately became suspicious when the person on the other end of the line asked for her credit card information to “verify her account.”

Phishing email.

It doesn’t matter who you are, or what email service you use. If you have an email account, you’ve absolutely received some kind of scam or phishing email, just like my editor.

Most of the time these emails are relatively easy to spot. Some African prince or other wealthy individual wants to send you money until they can make it to the US. You just need to send them your bank account information and Social Security number.

But criminals are quickly changing their tactics, and firing off more sophisticated emails in an attempt to trick you into giving away your personal information. According to Gary Davis, chief consumer security evangelist at Intel (INTC) Security, in a recent study more than 19,000 people were asked to look at 10 emails and identify which ones were scams. Just 3% of respondents were able to find all of the phony messages.

Worse still, some phishing messages contain ransomware, which is used to lock down your entire computer until you pay the culprits a ransom.

Yes, it’s a scary world out there. But there’s hope. If you follow some of these quick tips you’ll be able to stay one step ahead of the bad guys.

Read the subject line and sender’s address

Phishing emails are designed to sucker as many victims as possible, so they cast a wide net by covering topics like banking and package deliveries, two things most people generally receive emails for.

You should be on high alert if you get a message from an unknown sender with a subject line mentioning changes to your bank account or that you need to pick up a package that can’t be delivered, and you aren’t expecting either of those things. It’s probably a phishing attempt.

Just delete the message and move on with your life.

Hover over links

Okay, so you can’t remember if you changed your bank account info or aren’t sure if you have a package in the mail, so you open the email. That’s cool. As Intel Security’s Gary Davis explains, it’s rare for an email to execute some kind of code on your computer just by opening it.

Phishing emails.

The message, however, tells you to click an embedded link to check out the changes to your account or the status of your package. What do you do? Simple: Hover your mouse over the URL. Most web browsers automatically display the address a link will send you to when you hover over it. If the email says it’s from your bank or delivery service, but the link points to a different site, don’t click it.

Urgency is suspect

A good number of phishing emails try to get you to act before you think by adding some sense of urgency to their messages. An email telling you to log into or verify information for your bank or other account labeled “Final Warning” or “Urgent Notification” should set off warning bells right away.

Kevin Haley, director of product management for Symantec’s (SYMC) Security Response, explains that users should be suspicious if they receive an email with a URL or attachment that is trying to get them to click on something right away.

A scam email ordering you to do something immediately.

Russian agents are widely considered to have used this exact method to break into the Democratic National Committee’s servers via a phishing email.

So if you get a message telling you to do something instantly, ignore it. If you think it’s legitimately from your bank, skip the link and just go directly to your company’s website.
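The link and urgency checks from the tips above, written out as a small Python script. This is an added example, not part of the original article; `check_email`, its helpers and the `bank.example` and `account-verify.test` addresses are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URGENCY = ("final warning", "urgent notification")  # phrases quoted in the article

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased host part of a URL or bare address, '' if there is none."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def belongs_to(h, domain):
    """True only if h is the domain itself or a real subdomain of it."""
    return h == domain or h.endswith("." + domain)

def check_email(sender, subject, html):
    """Return a list of warnings for one message (empty list = nothing flagged)."""
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    warnings = []
    if any(phrase in subject.lower() for phrase in URGENCY):
        warnings.append("urgent subject line")
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        target = host(href)  # where the link really goes (what hovering shows)
        if not belongs_to(target, sender_domain):
            warnings.append(f"link goes to {target}, not {sender_domain}")
        shown = host(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            warnings.append(f"link text shows {shown} but goes to {target}")
    return warnings

# Constructed sample: the visible text names the bank, the href does not.
SAMPLE_HTML = '<a href="http://bank.example.account-verify.test/login">www.bank.example/login</a>'
SAMPLE = check_email("alerts@bank.example", "Final Warning: verify your account", SAMPLE_HTML)
```

The sample link starts with the bank's name but ends in a different domain, which is why the check compares the end of the host name rather than looking for the bank's name anywhere in it.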

Hooked on phonics

The easiest way to identify a phishing email is if it’s loaded with grammatical errors. As Microsoft points out in its phishing email primer, legitimate businesses hire professionals to ensure that communications with customers are mistake-free. Criminals? Not so much. So if you get an email that’s strangely formatted, and is loaded with enough grammar issues to drive your 5th grade English teacher insane, delete it.

Spam email with poor grammar.

Patience is a virtue

A lot of people who fall victim to phishing emails do so because they’re simply in a rush. They’re in the middle of cooking dinner and taking care of two toddlers, see an email from their bank and BAM, that’s that. So how do you fix this? Just take a few minutes, breathe and read your emails carefully. That’s pretty much it.

What to do when you’re hooked

So you’ve clicked a link or downloaded an attachment in a phishing email. You’re pretty much done for, right? Not exactly.

Both Davis and Haley suggest that if you realize you’ve been the victim of a phishing scheme and you’re fast enough, you can change your passwords on any affected websites before the criminals get access to your accounts. If you can’t do that, your best bet is to disconnect your computer from the internet and run some kind of antivirus program.

Disconnecting your computer ensures that any malware you downloaded can’t communicate with its home server and steal your information, while the antivirus program takes care of anything on your machine. You should also enable two-factor authentication on your accounts, which requires that you enter both your password and a second string of characters, usually sent to your smartphone via text or an app, to keep people from accessing your information.

If, however, you’ve given your private information to someone via email, well, your best bet is to use a credit monitoring service to make sure that no one is opening credit cards in your name.


Email Daniel at dhowley@yahoo-inc.com; follow him on Twitter at @DanielHowley.
