From the course: Avoiding Phishing Scams

Avoiding phishing scams

- [Jess] My name is Jess Stratton, and taking this first step to learn how to recognize an attempt to access your data already puts you ahead. I'm going to show you how to evaluate suspicious looking emails critically, so you can protect your computer from malicious ransomware attacks. Let's go over some common types of phishing emails that you may get, so that you'll have the skills to know how to deal with those emails. A phishing email is named because the email is phishing for your information. They're trying to see what kind of information, money, or even mouse clicks they can get out of you. So, I have a few different types of emails here. These are some common phishing emails that I've collected over the years just for lessons like these. Here's the first one. And at first glance, this looks like a very official looking email from UPS. However, to look critically at this email, the first thing that we need to do is see who it's from. I can see that it's from UPS. However, if I hover my mouse over it, I can see that it's not UPS. This is a Gmail address. Secondly, there are a few clues that I can see in here to let me know that something is just not right. The first one is that this is very vague. There's no return communication on this. And it's also using vague words like pending parcel without an actual tracking number. So there's enough vague information here and the email doesn't match up. So, I'm not going to click on this attachment, which most likely will be inviting malicious code into my computer. Let's take a look at this email. This one is telling me that my documents are ready. Please sign them and email them back. And it even has my name in this zip file. So at first glance, this also looks very official. Now, these type of emails are very common. Getting an email that's personal to you, and it looks official and then it has some action.
Now, the easiest way to tell if this is fake or not is to know, first of all, if you're getting a notification from an account that you simply don't have. For example, this is from Citibank, and if I'm not even a Citibank customer, then right away I would know that this is a phishing email. But things get a little more tricky when it's actually an account that you have. And in fact, if I hover my mouse over this from email address, it's still checking out. This is from a Citibank address. And in here in the signature file, it's also from Citibank. There's also a very official looking note at the bottom telling me things about the confidentiality notice of the email and what the insurance is like. However, there's a few other clues in here. And here's where we need to start looking critically at it. For example, the grammar is a little bit off, and there's also this extra space before the comma. Also, if I did read this closely, I can see that the grammar and the wording is just off. However, if you're still not sure and you're worried about it, and you'd like to check your accounts just to make sure everything's okay or if this is legit, there's always something that you can do to be confident that your accounts are safe, and that is never click on the attachment or any links in the email itself. Open up a new browser window and access your Citibank or online banking account that way. And you can do the same thing with any account. For example, it's also very common to get these type of notifications about accounts like eBay or PayPal, things that a lot of us have. So in that case, open up a new browser window and log into your eBay account or your PayPal account that way. If everything looks okay, then it is okay, and you can delete this email, or forward it to an auto spam service. Let's take a look at another email. I have one in a different email account. This email says I've been accepted by a Who's Who network. 
If I click on this email, it's telling me that I've been accepted into a professional community network called Who's Who in America. It looks like it's well-written. However, there's a few things. The first one is this text is an image. The entire thing is a link. And I know this because as soon as I hover my mouse over it, the cursor changes to a hand, meaning it's a clickable link. And if I look down on the bottom left-hand side of the screen, I can see where it's going to take me. In fact, it's showing me things that look like links, when in fact, this entire thing is one giant link. Now, I'm including this example because sometimes you will get an email that very well may be a legitimate business opportunity, and you need to know how to look critically at these, so you're not missing an actual real opportunity. In cases like these, if you're really not sure if it's real or not, you can Google it. So here's the person who wrote this email, supposedly, and it's called Who's Who in America. So, I'm going to Google that. I'll go to my new tab. All right, I can see that this person is the manager of something called Marquis Who's Who, which sounds like a very legitimate and well-respected organization. However, if we go back, I can see that this was Who's Who in America, which is something completely different. Therefore, I can tell that this is not a real opportunity and I can just delete this email. So, these are some strategies to check your emails very critically so that you don't fall victim to these type of scams. Some other common ones are when friends ask you to wire them money. In cases like these, always call the friend. Find a way to get in touch with them. Never wire anybody any money if you haven't actually talked to them. You also may get another very scary email that tells you that they know your password, and they're going to send all of your information to somebody else. It's a blackmail email, and it's no fun to get. 
However, it's important to note that they do not have all the information about you that they say they do. In cases like these, you can go ahead and change all your passwords, and that's all you need to do. To look critically at emails, you need to go over things like who the email is from, where it's coming from, what the actual email is, and do those things match. And then look at the email very closely. Look for punctuation errors, spelling errors, grammatical errors, things that just make the email seem off. If it seems off, it probably is. And finally, don't ever click on a link directly in the email or download any attachments and open them. If you really want to go check and make sure your accounts are okay, always open up a new window and access it using the site that you know and that you always use to get to that site. By following these guidelines, along with learning how to trust your instincts, you're well on your way to reducing the chance that you'll be a victim to a malicious or ransomware attack on your computer. If you have any questions or comments, you can find me on Twitter @NerdGirlJess.