
Don’t get caught! How to spot phishing scams via email and SMS

I checked my emails over the weekend and among the usual promotional messages, letters to the readers, PR content and obvious phishing attempts in my inbox, there were a few emails linked to my YouTube account. Recently, Google warned that hackers were sending phishing emails to YouTube creators, offering antivirus software in exchange for a review on the channel. The antivirus was actually malware designed to steal browser passwords and cookies, which can also contain login credentials.

Opening cold emails in the age of phishing

Just to be sure, I haven’t opened the messages or clicked on the links in the YouTube-related emails, but it occurred to me that it’s hard to identify a legitimate contact in this era of frequent phishing attempts. PCMag’s chief security analyst, Neil J. Rubenking, recently wrote about this dilemma, after helping a friend determine whether an email claiming to be from Facebook was a phishing lure. In the end, this email turned out to be a real marketing message from Facebook, but he had to go through several stages to determine the legitimacy of the message.

Facebook keeps a verified match list in the account area of your profile, so it’s easy to match emails you receive in your inbox with messages you see from Facebook in your account. But what if you want to verify that an email is from someone you know and contains safe links? The United States Federal Trade Commission offers some steps you can take to stay safe.

  1. Look at the From email address. If you don’t recognize the address or sender, think twice before opening any links in the email.

  2. Look for a generic greeting. A business email usually doesn’t start with a casual greeting like “Hi, dear.” An email from a friend usually won’t misspell your name or address you with an honorific like “Mr., Mrs., or Miss.”

  3. Look at the link URLs. Hover over links before clicking on them. Your browser will reveal each one’s web address. If the link looks suspicious (for example, a link claiming to be from Netflix takes you to a completely different domain), don’t click on it! Delete the email or report it as spam and move on.

  4. Beware of emails that ask you to click a link to update your payment information, update your account information, receive a coupon for free items, or include an invoice you’re not expecting.

How to Fight Phishing Email Scams

Even the most vigilant email user can be caught off guard by a malicious link in an email. Add extra layers of protection to your online life so you can mitigate the damage caused by scammers.

  • Use security software. The best antivirus and security suites include built-in phishing protection. Configure the software to update automatically and run in the background to protect against phishing attempts.

  • Use multi-factor authentication wherever you can online. Even if a scammer manages to get your username or password, a second factor that is something you own (a hardware security key or authenticator app passcode) or something you are (a scan of your fingerprint, retina, or face) makes it harder for bad guys to log into your accounts.

  • Back up your data. Regularly copy your important documents and information and store them on an external hard drive or with a backup or online storage service.



Phishing on your phone

When I spoke with some of my PCMag colleagues about phishing, they noted that they had recently been victims of SMS phishing attempts, also known as “smishing.” Here are some examples of smishing: one is an attempt I received last year, and another is one that a colleague received recently:

If you’re not careful, these types of messages can trick you into disclosing valuable information about yourself or downloading malware to your phone.


Both messages came from an unknown phone number. Both requested action related to a finance-related issue, and both contained suspicious links. The first message is from an unknown company about a product I never bought, and using the bit.ly link shortener is a common way for smishers to encourage their victims to click. The Citibank message is disturbing because the link address is slightly off, with a dash instead of a dot between “support” and “citi”.
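
The link check from step 3 of the email list and the two smishing tells described above (a shortener, and a dash where a dot belongs) can be automated. The following Python sketch is an added example, not part of the original article; the brand-to-domain table, the shortener list and the sample URLs are constructed for illustration, and the last-two-labels domain rule is a simplification of the Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the domain each brand really uses, and a
# short shortener list (bit.ly is the one the article names).
BRAND_DOMAINS = {"netflix": "netflix.com", "citi": "citi.com"}
SHORTENERS = {"bit.ly"}

def registrable_domain(host):
    """Naive last-two-labels rule; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def check_link(claimed_brand, url):
    """Return the reasons a link does not match the brand the message claims to be from."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ["no hostname in link"]
    domain = registrable_domain(host)
    expected = BRAND_DOMAINS[claimed_brand]
    if domain in SHORTENERS:
        return ["shortener hides the real destination"]
    findings = []
    if domain != expected:
        findings.append(f"link goes to {domain}, not {expected}")
        # Brand name present as a label or hyphenated piece of someone else's
        # domain: the "dash instead of a dot" tell (support-citi vs support.citi).
        if claimed_brand in host.replace("-", ".").split("."):
            findings.append("brand name used as a decoy inside another domain")
    return findings

# Constructed sample links (not taken from the article's screenshots).
SAMPLES = [
    ("netflix", "https://www.netflix.com/account"),
    ("netflix", "https://netflix.com@login.example/"),   # userinfo trick
    ("citi", "https://support-citi.example/verify"),
    ("citi", "https://bit.ly/abc123"),
]

if __name__ == "__main__":
    for brand, url in SAMPLES:
        print(brand, url, check_link(brand, url) or "matches expected domain")
```

The second sample shows why the check parses the URL instead of searching the text for the brand name: everything before the `@` is user information, and the real host is what follows it.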

For years, security researchers including Andrew Conway have noted that SMS spam could be reduced by mobile carriers if they stopped offering unlimited SMS plans. Until that happens, the best way to fight mobile spam in the US is to forward messages to the SPAM short code (7726).

