Don’t be a “phish.” Learn as much as you can about malicious email. Teach your employees (and your children at home) to think before they let their curiosity overcome their caution and knock on the door to that scam web page. Remind them never to click on that innocent looking attached .jpg file. The benign .jpg file extension could actually be a covert .exe or a .zip file. Opening that file could call up a malicious site leading to a nightmare of consequences. It is known as phishing.
The Fake Web Page
Phishing relies on people’s natural curiosity, attraction to a bargain (or free) offer, or simply fear that someone else has hacked into their online banking, PayPal, IRS accounts. The hacker sends an email that appears authentic, complete with logos, and other realistic looking links that one would expect. The text of the email could include a fake offer, story, or warning to lure the victim into clicking on a link or calling a phone number.
The Exploding Attachment
This scam might be an email from someone the victim knows from Facebook. It has a cheery message like “I found this great classic photo of the Beatles. Check it out!” The photo file is labeled “The Fab Four.jpg,” and looks innocent. It’s real title is “The Fab Four.jpg.zip.” The .zip extension is hidden, because your system likely hides real file extensions.
Click on that attachment, and all kinds of bad things can occur. Your computer could be instantly infected with malware that harvests your email contacts to further propagate itself. In fact, the original email was likely a result of the Facebook friend’s hacked account.
Spotting the Fake Email
Typically, the phishing email includes a message that the user account has either been hacked or frozen. The telltale signs of a phishing email include:
If it still looks real, it probably isn’t
The tie-breaker is this: PayPal, commercial banks, the IRS, nor any other reputable online financial institution never send requests that customers verify account or personal information. PayPal never sends attachments with customer notifications, and the IRS doesn’t initiate contacts with taxpayers by email. When in doubt, check it out. Report suspicious email by logging on to the affected site and following their instructions. For example, PayPal asks that customers forward suspected scam emails tospoof@PayPal.com.
Looking for additional help in the area of cyber security? Ekota Central is the trusted choice when it comes to staying ahead of the latest security threats, information technology tips, tricks, and news. Contact us at (780) 421 or send us an email at -firstname.lastname@example.org for more information.