Common Email Phishing Attempts
We've probably all received them at one point or another: the dreaded "You've been locked out of your account" emails. Most likely you are familiar with the Nigerian Prince scam that has been around since the '90s, but would you believe that this email scam still traps people for over half a million dollars yearly?
Phishing attempts through email are extremely profitable for cyber criminals and a nightmare for the business world. Having well-educated employees (and students) is nothing less than critical in providing a front-line defense against such attacks.
Below is a list of 10 very common phishing emails; each may have several variants or the wording may be different, but the subject is usually similar. See if you recognize any of the following:
1. "We've Issued a Refund"
2. "A Delivery Attempt Was Made"
3. "We've Detected Unusual Sign-In Activity"
4. "Urgent Action Required"
5. "Thank You For Your Purchase"
6. "Your Information Has Been Compromised"
7. "We've Locked Your Account"
8. "Please Change Your Password"
9. "Update Your Billing Information"
10. "You've Appeared in a Search This Week"
Your best defense against falling victim to one of these misleading emails is knowledge and a bit of common sense. For example:
“We’ve locked your account…” Is there any reason why it would be locked? Did you recently attempt to login and forget your password somewhere? If not, then why would you get that email?
“A delivery attempt was made…” This one is a little trickier because at some point or another, most individuals order products and get them in the mail. Ask yourself: did I recently order something that I’m expecting? Is there a reason someone would send me a gift? Again, if your situation doesn’t call for it, why would you believe the email?
“We’ve issued a refund…” If you haven’t returned a product or bought anything that needed to be returned, then why would you be receiving a refund?
These 10 email phishing attempts come in many varieties, and there are many more out there with different subjects. All are attempts to make you react on impulse and click a link or give out information that you really don’t need to give. Best option? Just delete the email without opening it.
If you do open it, hover over any links in the address area, subject area, or body (but DON’T click). Does the address that shows up at the bottom of your screen look legitimate? Does it reflect the company’s name that is implied in the email? Is there a secure “https:” at the beginning of the address?
The old adage, “if it sounds too good to be true, it probably is,” also works here. If it doesn’t look or feel right, it probably isn’t! Be safe and delete, or if you’re still unsure you could always call the company being represented; if it’s a legitimate email, they should be able to confirm what you’re seeing. Stay smart and stay safe!