A moment’s web search suggests that an average office worker receives over a hundred emails a day and sends around forty business emails daily. Some of those emails will be bogus, but we are all working so hard. We are stressed and busy. How can we tell if something is legitimate?
If you stop and think, you will be very hard to trick. Here are some easy and specific things anyone can do to avoid being suckered.
What's the rush?
Reject the notion that anything in an email or on a web page is of dire importance and/or must be responded to in a frightful rush.
If you have a pop-up that says you must click on it within 30 seconds or the FBI or Microsoft Support will be involved in your life, it simply cannot be true. That is not how life works, and we should all know it.
Microsoft Support is super, but they will never push themselves on you, even if you really need them. The FBI does not have the resources to proactively monitor your laptop, right? RIGHT?! If the CEO of your organization sends you an email that asks you to click a link and wire $10,000 to an account right away, you can give her a call to make sure she really sent that. (She probably did not, and will commend your caution even if she did.)
What would have happened had you been on a coffee break when you would otherwise have read that email? Everything can wait ten minutes.
How likely is this?
Many times, a fraudulent email or web request will seem sort of legitimate, but something will be just a little bit off.
Maybe you know your co-worker is in Costa Rica. It is sort of plausible, then, that he truly is in trouble and needs help. If that were so, would the request for help come via email, and to you? Does it really make sense?
Perhaps you really do have a Bank of Canadia checking account. Do they send you emails with links that require you to enter private information? (Hint: They don't, or you should get a better bank.) If you really think Bank of Canadia needs input from you, open a separate browser window, type in their address, and/or call customer service on your telephone. It might take a few minutes, but will be far better than spending hours or months of frustration dealing with the aftermath of identity theft.
If your work account password were compromised, would your IT department send you a link to a web page to reset your password? Call them and verify any such link. They are almost certainly taking better care of company passwords than that, and would never send such an email.
Who is this from, really?
It is quite easy to create a fake display name, because of the way HTML (the markup language for web pages) works: the text a link displays and the address it actually points to are set separately. Here is a picture of the HTML syntax used for a typical link to an email address.
For the most part, though, you can discover such fakery if you just hover your mouse cursor over the link. Here is an example using the syntax above: the way it might appear (fake), and how you can tell it’s fake just by using your mouse. Is it really from your boss/bank/bestie?
SMTP governs the way email servers pass emails around. It is pretty simple and efficient. It is also pretty easy to pretend to be a legitimate sender and get a server to send a bogus email. (A friend of mine once sent me an email from “GOD.”) With a telnet application, one can use simple commands like these to send an email via many mail servers. The result looks like it is from Bank of Canadia Customer Service, but it is not. The “here” in the email will be a link, with the “<a href…>” URL details hidden (unless “John” hovers over the link with his mouse cursor).
That “click here” link will look like this when John hovers over it with his mouse cursor.
These days, clicking a link or opening an attachment is something you should evaluate for safety/plausibility every single time. Using your mouse to hover over any suspicious links, taking a minute to think and get some coffee, and/or calling your boss/friend/bestie to verify links and attachments will keep you pretty safe.
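The hover check described above can also be run by a script over an HTML message body. This is an added example, not code from the original post: it compares the text each link shows with the domain the link really targets, and the sample body and its `.example` domains are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Text that looks like a host name (also matches the domain part of an address).
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

class LinkAuditor(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def target_domain(href):
    """Domain a click would actually reach, for mailto: and http(s): links."""
    parts = urlsplit(href)
    if parts.scheme == "mailto":
        return parts.path.rpartition("@")[2].lower()
    return (parts.hostname or "").lower()

def audit(html):
    """Return (visible text, real domain, verdict) for each link."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        real = target_domain(href)
        shown = [d.lower() for d in DOMAIN_RE.findall(text)]
        hit = any(real == d or real.endswith("." + d) for d in shown)
        # HIDDEN: text such as "here" names no domain; MISMATCH: it names another
        verdict = "HIDDEN" if not shown else ("ok" if hit else "MISMATCH")
        findings.append((text, real, verdict))
    return findings

SAMPLE = ('Verify <a href="http://login.attacker.example/reset">here</a> or at '
          '<a href="http://attacker.example/x">www.bankofcanadia.example</a>, '
          'or mail <a href="mailto:help@bankofcanadia.example">'
          'service@bankofcanadia.example</a>')  # constructed; placeholder domains

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A `HIDDEN` verdict is not proof of fraud, only a prompt to look at the real domain before clicking; an `ok` verdict says the text and the target agree, not that the sender is genuine.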
Poor spelling and/or grammar used to keep us fairly safe. Those days are mostly behind us. Many criminals now possess an excellent command of the English language. I left a mistake or two behind in the screenshots, just for old times’ sake. Did you spot them?
Most companies now have an anti-spam and an anti-virus program protecting their user communities from fraud and lawsuits. The best defense against fraud continues to be wariness and not being rushed.
Do not rush, especially when you are interacting with hyperlinks or attachments.