Many of today’s cyber-attacks target individual users. The goal of the attackers is to fool you into clicking a link or file that contains malware and lets them into your system. Sometimes the messages will even come right out and ask you to divulge sensitive information under the guise of a trusted service provider or government agency. Here are some tips to help you easily spot suspicious email or web pages.
Phishing emails are meant to entice users into unsafe behaviors by mimicking trusted senders. The emails are frequently crafted to appear as though they were sent from trusted businesses or government agencies. Phishing emails may appear as if they were from Amazon, AT&T, the IRS, the Treasury Department, various county governments, and a host of others.
Spotting a Phishing Email
Here are some tips on how to spot phishing emails.
- Ask yourself if you do business with whomever the sender is. If you don’t use AT&T, for example, there is probably not a problem with your account.
- Keep an eye out for misspelling and bad grammar. Many of these attacks originate from other countries and can be easy to spot.
- Look for odd domain extensions. Common extensions are .com, .org, and .gov. If you see odd extensions be wary.
- The message threatens punitive action. Some hackers will try to prompt you into unsafe behavior by threatening fines or penalties. If you think it might be a legitimate message, pick up the phone and call them to verify; don’t click any links, files, or images.
- It looks too good to be true. Like many things in life, if it looks too good to be true it generally is. Don’t click that link for a chance at a free laptop or $100 coffee shop gift card, unless you are 100% certain of the sender.
A URL is the address for a web page. Hackers frequently use web pages to deliver malicious code. They can be pretty creative about masking the addresses to their web servers. We all know that when you click on a hyperlink in a message, email, and sometimes images it will take you to a webpage. For the sake of convenience and appearance the address of the web pages are hidden. You can’t look at a link and know where it will take you.
The obvious question then is how do you protect yourself? Just remember two key words: Awareness and Context. Always be AWARE that when you click a link you are blindly trusting in the good will of whomever created the link. Always remember the CONTEXT of the media being used to present the link. Are you on a secure site for a well established business? Is it a government website? Was it an email that you were expecting? Taking the context into account will help you identify suspicious situations.
Whenever possible, log off or lock any device where you use your credentials to sign in.
Why is this an important topic?
There is no easier way to gain unauthorized access than by walking up to an unattended and unlocked computer. Many of us take for granted that our computer is secure and don’t see the importance of locking it. Some people see it as an inconvenience or think it will be alright if they’re only away for a few minutes.
When you leave a computer unlocked, anyone can use it and assume your identity; thereby, gaining access to applications or files for which you have access. Sadly, these are not hypothetical exploits. It is all too common for unauthorized users to engage in inappropriate activities using unlocked computers.
When you log in to a company provided computer, it’s not quite the same as logging in to your home computer. As an authorized user, your login is granting access to the secure portions of a network and data centers. With many companies, applications automatically log you in and once you’re logged in, many users save their web logins in the browser.
An unattended and unlocked computer can give unauthorized people access to data, deliver malware to servers and other computers, and potentially access confidential web resources if passwords are saved in the web browser.
Personal Identity and Accountability
You are your login. Any activity is tied to you when you are logged in to a system or application. If your computer is unlocked and an unauthorized user starts using your computer, all of their activity shows up as you.
Take the time and be cautious to protect yourself against cyber-attack.