Last month, you may have heard on the news about a recent email scam that compromised the security of not only thousands of people throughout the world, but also the employees at some of the world’s biggest and most secure corporations like Google.
Users of Gmail (Google’s own email service) reported receiving an email from one of their contacts that invited them to view a document online. When the victim followed the link, the scammer would gain full control of their Gmail account and all associated online services such as YouTube accounts and Google Docs. Google has since announced that the scam was shut down an hour after it became active; however, thousands of people claim to have fallen prey to the malicious cyber-attack.
This type of email scam is called ‘Phishing’ (pronounced the same as ‘fishing’) and is one of the leading types of cyber-crime that affects millions of people around the world every day. Once the attacker has your private information they can hold your online accounts to ransom, blackmail you with any sensitive information they may find or simply carry out any number of illegal activities using your identity.
This may sound alarming, but protecting yourself from these types of attacks is actually fairly simple. Listed below are a few techniques you can use to identify a potential scam email and to minimise the damage that may result if a scammer does get hold of your sensitive information:
1. Check for obvious signs of a fraudulent email
Emails from unknown senders that are simply text with a link or are riddled with typos should immediately raise some red flags. These are very common scams that are sent out by the thousands and will often link to a page that then asks for money or personal details.
2. Check for less obvious signs of a fraudulent email
Many successful phishing emails disguise themselves as legitimate emails from companies that you deal with frequently. Some of these more sophisticated scam emails even use the same logos, fonts and graphics. These emails can use similar language to a regular business email and often threaten to cut off your service or issue a fine if you don’t take action. A few ways to tell that such an email is not legitimate:
- The email will use a generic message and won’t use your name.
- The email won’t have your customer number, username or any other personal information that you have with the service.
- The email will ask for your personal information. Companies shouldn’t ever ask for you to supply your personal information in an email.
If you’re still unsure if the email is fake or not, manually type the website address into your internet browser and go to the website. Most online businesses and services will have a message system that will inform you of any issues that you may have with your account, or contact the business directly via the customer service number supplied on their website. Do not call a phone number supplied in the email as this may also connect to a scam phone line.
3. Carefully check the address of the sender
Depending on which email client you’re using, fraudulent emails can often appear to be sent by a contact of yours. This is an issue particularly with Apple devices, and an easy way to check if the sender is actually known to you is to click the email address in the ‘From’ field of the email. If the email originally appeared to be sent from “David” in your contacts, clicking the email address might reveal a strange and unknown email address that you should be wary of.
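The check described in step 3 can also be automated. The sketch below is an added example, not part of the original article: it compares the display name in the ‘From’ header with the real address behind it. The `check_sender` function, the address book and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: contact display name -> addresses known to be theirs.
CONTACTS = {"david": {"david@example.com"}}

# Constructed sample messages (not taken from any real campaign).
SAMPLE_GENUINE = "From: David <david@example.com>\nSubject: Lunch\n\nSee you at 12.\n"
SAMPLE_SPOOFED = ("From: David <accounts@mail.invalid>\n"
                  "Subject: Document\n\nPlease open the document.\n")
SAMPLE_ADDR_AS_NAME = ('From: "david@example.com" <accounts@mail.invalid>\n'
                       "Subject: Document\n\nPlease open the document.\n")


def check_sender(raw_message, contacts=CONTACTS):
    """Return (verdict, display_name, address) for the message's From header.

    verdict is one of:
      "known"    - the real address is in the address book
      "mismatch" - the display name imitates a contact, the address does not match
      "unknown"  - neither the name nor the address is recognised
    """
    msg = message_from_string(raw_message)
    # parseaddr splits 'David <x@y>' into the shown name and the real address.
    display_name, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    name_key = display_name.strip().lower()
    known_addresses = set().union(*contacts.values())

    if address in known_addresses:
        return "known", display_name, address
    # The name is a contact's name, or is itself a contact's address used as
    # the display name, while the real address belongs to someone else.
    if name_key in contacts or name_key in known_addresses:
        return "mismatch", display_name, address
    return "unknown", display_name, address


if __name__ == "__main__":
    for sample in (SAMPLE_GENUINE, SAMPLE_SPOOFED, SAMPLE_ADDR_AS_NAME):
        print(check_sender(sample))
```

A “mismatch” result is the case the step warns about: the email shows a contact’s name, but the address behind it is not one you know for that contact.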
4. Never click a link in a suspicious email
Unless you are 100% certain that you need to open a file sent via email, even from someone you know, never click a link in an email. This is one of the quickest ways that phishing scams spread: one user will fall victim to a scam that will then email everyone on their contact list with a link to the virus, and the cycle repeats. Double check the user’s email address and if you think the email address is legitimate, email them back to confirm that it is really them on their accounts wanting you to open a file and that their account hasn’t been compromised.