We’ve all received them … that email from a friend that simply has a link. You click it thinking it must be a link to a funny story or video he or she wants you to see. But it’s not. It’s a virus waiting to attack your computer or send out the same email to your entire list of contacts. And if you have a work email, it’s twice as bad because if you clicked on it from your work email, suddenly all your clients are either clicking on it or know that you possibly compromised their email by clicking on such a link.
The people initiating these emails, otherwise known as the scum of the internet world, are getting far sneakier … it’s progressed to include sentences, which sound pretty legit, with a link to a Dropbox file, or contract, so it’s harder than ever to know what’s real and what’s not … “Hey, I need you to check this out,” or “Can you sign this contract?” with a link. When you see “Dropbox” or some other well-known service in the url, you think it’s real. It’s super simple to make a url look like a legit one, when it’s not. Dropbox.com/funny-video <—— That looks real, right? I just linked it to our Southern Edition homepage. It has nothing to do with Dropbox. Just because a link has words you are familiar with, doesn’t mean that’s what it’s actually linked to. I could easily have just linked that to a link that would compromise your contacts when you clicked it.
The viruses and phishing are coming at you via text as well. So, how do you stop it? How do you know what’s real and what’s not? There are even links on Facebook that you shouldn’t click. Today, we show the obvious ones to spot and give some clues on how to spot future ones as well.
SB Tip: If you stop reading right now, please know that the best thing you can do to protect yourself is by using “two factor authentication” with your email provider and your social networks. This means that new logins will require a text message to confirm it is you. Hands down, this protects you best — just in case you do click on that sneaky link.
Let’s start with some definitions:
Email spoofing: “Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.” — searchsecurity.techtarget.com
Virus: “A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.” — webopedia.com
Phishing: “Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.” — searchsecurity.techtarget.com
Malware: “Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware and other malicious programs. It can take the form of executable code, scripts, active content and other software.” — wikipedia.com
How to avoid these inbox landmines:
1) Do not click on a link sent by a friend that doesn’t have real context around it. Do not click on a link sent by someone you rarely hear from.
2) If you receive a text from someone you know, but the message with a link doesn’t make sense, or says the link expires in 24 hours, be suspicious.
3) Before you click on any link in an email or text from someone, make sure it contains specific information that you can verify as unique and intended. If not, simply email or text the person separately (as in don’t reply to the email, and instead send a new email) and just make sure it’s real. Yes, a pain, but trust yourself when you doubt a message as it’s usually with good reason.
4) Keep anti-malware software up to date. For an Apple computer or iPhone, you are in pretty good shape automatically (don’t buy extra software). For a PC, make sure Windows Defender is turned on and that you update regularly.
5) There are really scummy people out there. So, if someone sends you a really good spoofed email and you click it, make sure you have a backup security plan. This means double-authentication. Otherwise, someone will easily gain access to your Gmail account (and all of those Gmail documents), your photos … it’s bad. But, it’s easily preventable. Just do it, okay? To learn more on two factor authentication, see here.
6) Think of email like a con-artist sales call. If you got a call from Sears asking you to verify your credit card number by telling it to them over the phone, you wouldn’t do it, right? (Please say, “Right.”!!) The same holds true for email. If a trusted business emails you and asks you to send personal information, please verify. If they send you a message asking you to log in again, it could be a hoax. If you get this type of email, go to your account on your own to see what the issue is and DON’T click the link in the email to see your account, okay?! Got it?
Examples from cert.org
- email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this
- email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information
If you get such an email, DON’T click any links to reset your passwords! Someone is monitoring this and will have access to your accounts.
This is just the beginning of ways to protect yourself, but it also accounts for the most common ways your own email is being used against you. If you think “that’s odd,” it likely is. Don’t let your common sense and your gut checks stop when it comes to email!
**This just in! If you have an iPhone, update it today (October 25, 2016) to iOS 10.1 — there is a very bad new exploit that needs to be patched immediately. Just looking at some web images can infect your phone! Article link: Security Warning: Update Your iPhone’s iOS Now. Like, Right Now.**