Sent, Delivered, Scammed: Protecting Yourself from Email Phishing
March 15, 2022
At some point in our lives, we receive a short, sweet email with the click-bait words “You’ve gotta see this” or “You won’t believe what you did the other night”. It might be an email with just a link and no explanation whatsoever. And we are all human, which means we are prone to acting on curiosity in the hopes of reward. When we click on the link, somebody gets rewarded alright – it’s just not us.
Email phishing is one of the big ways hackers can steal your data. From passwords to bank account information, one lucky hacker can have it all if you simply click on a link or image. You, on the other hand, are gifted the stress and despair of recovering said information, resetting all of your passwords, debating monetary charges, and so on and so forth. Your side of the exchange is about as fair as your house getting robbed.
But how were you to know that email was a scam? How were you to know it was a phishing attack? How were you to know your friend or coworker was hacked, and the perpetrator was continuing their spree with you?
No one is immune to hacks or phishing scams. NexTech Solutions’ security team states, “It is not whether you will receive some sort of attack; it’s really a matter of when. And when you receive one, you need to be prepared on what to do next.” Thankfully, most email systems are programmed to detect suspicious emails and links and send them straight to the Junk box, where they are never opened unless specifically sought out. Some suspicious emails still slip through to your inbox though, and in this blog, we will give you some tips on how to keep yourself from getting your information stolen.
We often hear the phrase “Don’t click” when referring to suspicious webpages and links, and this advice is one of the most fundamental principles of cybersecurity. You can go a step further by taking the following actions:
Hover – When met with an email claiming to be from an official website with a hyperlinked button or image, hover your mouse over the image. The actual URL will appear in small text either right below the mouse or in the bottom left corner of your web browser, either matching or differing from the larger hyperlink. While the URL may be a lot to read, doing so could be the first step to determining a link’s validity. Still, even if the URL and hyperlink match, that doesn’t mean following the link is safe. For this reason, you’ll want to move on to the next steps.
Look for the Top-Level Domain (TLD) – The end of a URL (where you find the “.com”) says a lot about the link’s legitimacy. If your URL ends in .gov, .org, or .edu, this means the site in question is either a government, nonprofit organization, or educational resource, all of which are reputable and safe to visit. Meanwhile, beware of .com and .net, which stand for commercial and network resources respectively. These are the most common TLDs, and anyone with the right amount of cash can apply for one, including scammers. You should also watch out for custom TLDs, such as .macy or .train. Customized domains have begun trending in the cyber world due to their cost efficiency in comparison to the more official TLDs (as read previously). That’s not to say the last three examples are always fraudulent (as you can see clearly from the URL, NexTech Solutions uses a .com TLD), but you should definitely be wary of phishing when sent an unknown address with any of these URL endings.
Do Your Research – Humans don’t always appreciate feedback, especially if there’s a chance it will be negative; and honestly the Internet can be filled with so-called “haters”. But when confronted with an unknown site or suspicious email, web reviewers are a user’s best friend. Typically, if your email is a scam, you won’t be the first to have received one like it. Scams sort of trend in their own malicious way. Do a Google search. If there are reports online about others being subject to similar fraudulent emails via specific websites or addresses, chances are your emailed link in question is not safe to investigate.
Verify by Other Means – Obviously, you wouldn’t reply to a suspect email with an unknown URL and address; but what if you’ve received a questionable link from one of your co-workers? Even employees in the technology industry can have their email and messaging accounts hacked. The best way to determine the validity of said email is to verify using another means. Suppose you get sent a link without any explanation or information from What’s-their-Name in a hypothetical department. The best way to quickly verify the information is to just ask them personally, either to their face, over the phone, or through another one of the messaging platforms they use. Our security team additionally states, “If it is work-related, always reach out to your IT Lead or your Security Team. Remember: If you see something, say something!”
These steps are small and simple, and they take maybe a minute to accomplish; but if it means your data is safe from attackers, the precautions are worth the minimal time and effort.