We’ve all received them … that email from a friend that simply has a link. You click it thinking it must be a link to a funny story or video he or she wants you to see. But it’s not. It’s a virus waiting to attack your computer or send out the same email to your entire list of contacts. And if you have a work email, it’s twice as bad because if you clicked on it from your work email, suddenly all your clients are either clicking on it or know that you possibly compromised their email by clicking on such a link.

The people initiating these emails, otherwise known as the scum of the internet world, are getting far sneakier … it’s progressed to include sentences, which sound pretty legit, with a link to a Dropbox file, or contract, so it’s harder than ever to know what’s real and what’s not … “Hey, I need you to check this out,” or “Can you sign this contract?” with a link. When you see “Dropbox” or some other well-known service in the URL, you think it’s real. It’s super simple to make a URL look like a legit one when it’s not. Dropbox.com/funny-video <—— That looks real, right? I just linked it to our Southern Edition homepage. It has nothing to do with Dropbox. Just because a link has words you are familiar with doesn’t mean that’s what it’s actually linked to. I could easily have just linked that to a link that would compromise your contacts when you clicked it.

The viruses and phishing are coming at you via text as well. So, how do you stop it? How do you know what’s real and what’s not? There are even links on Facebook that you shouldn’t click. Today, we show the obvious ones to spot and give some clues on how to spot future ones as well.

SB Tip: If you stop reading right now, please know that the best thing you can do to protect yourself is to use “two-factor authentication” with your email provider and your social networks. This means that new logins will require a text message to confirm it is you. Hands down, this protects you best — just in case you do click on that sneaky link.

Let’s start with some definitions:

Email spoofing: “Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.  The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.” — searchsecurity.techtarget.com

Virus: “A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.” — webopedia.com

Phishing: “Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.”  — searchsecurity.techtarget.com

Malware: “Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware and other malicious programs. It can take the form of executable code, scripts, active content and other software.” — wikipedia.com
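A spoofed message often leaves traces in headers that the mail client does not show. This added example (not from the original article or the sources quoted above) reads a raw message and reports when Reply-To or Return-Path point to a different domain than From, or when the receiving server recorded an SPF, DKIM or DMARC failure in Authentication-Results. The sample message and every address in it are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Method/result pairs as written by the receiving server, e.g. "spf=softfail".
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def _domain(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """List reasons the visible From: header may not reflect the real sender.

    These are indicators to review, not proof: mailing services legitimately
    use a Return-Path on their own domain.
    """
    msg = message_from_string(raw_message)
    from_domain = _domain(msg["From"])
    findings = []
    for header in ("Reply-To", "Return-Path"):
        other = _domain(msg[header])
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")
    for value in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RESULT.findall(value):
            if result.lower() in ("fail", "softfail"):
                findings.append(f"{method.lower()}={result.lower()}")
    return findings

# Constructed sample message (hypothetical addresses), not a real email.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=school.example
From: Coach Smith <coach@school.example>
Reply-To: coach.smith@freemail.example
To: parents@recipient.example
Subject: Check this out

http://files.example.net/doc
"""
```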

How to avoid these inbox landmines:

1) Do not click on a link sent by a friend that doesn’t have real context around it. Do not click on a link sent by someone you rarely hear from.

Here is an example of an email that you shouldn’t click on. A couple of clues: (1) There is no context as to why you should click this. (2) The people this was sent to are not a group that really belongs together. (3) This was sent from a school email address, so you likely assume it is real, because when it comes to your kids, precautions go by the wayside. Not so! If this is from a teacher, coach or school administrator, please notice the email still doesn’t make sense. Just because it’s from a trusted source doesn’t mean you should trust it.

Another example of email phishing. Just don’t click!

2) If you receive a text from someone you know, but the message with a link doesn’t make sense, or says the link expires in 24 hours, be suspicious.

If you click on a link from Everalbum, just know that they will text out to some or all of your contacts with the same message. This is an example of this company using viral messaging to spread the use of their app. I’ll leave commentary on how good this business practice is to others … Actually, no, I won’t — it is scummy! (For more on how this company is spreading its app via a virus, click here.)

3) Before you click on any link in an email or text from someone, make sure it contains specific information that you can verify as unique and intended. If not, simply email or text the person separately (as in don’t reply to the email, and instead send a new email) and just make sure it’s real. Yes, a pain, but trust yourself when you doubt a message as it’s usually with good reason.

4) Keep anti-malware software up to date. For an Apple computer or iPhone, you are in pretty good shape automatically (don’t buy extra software). For a PC, make sure Windows Defender is turned on and that you update regularly.

This is one that StyleBlueprint fell for. It looked real and came from a client. So, our salesperson clicked on it and it sent out to all of her contacts. When I got it in my inbox, my anti-malware was up to date, so I got this big warning sign. Note that these do not pop up on all email spoofing messages, but they do for some. This allowed me to know this was suspicious. We were able to immediately warn the rest of our company and our clients.

5) There are really scummy people out there. So, if someone sends you a really good spoofed email and you click it, make sure you have a backup security plan. This means double-authentication. Otherwise, someone will easily gain access to your Gmail account (and all of those Gmail documents), your photos … it’s bad. But, it’s easily preventable. Just do it, okay? To learn more on two-factor authentication, see here.

6) Think of email like a con-artist sales call. If you got a call from Sears asking you to verify your credit card number by telling it to them over the phone, you wouldn’t do it, right? (Please say, “Right.”!!) The same holds true for email. If a trusted business emails you and asks you to send personal information, please verify. If they send you a message asking you to log in again, it could be a hoax. If you get this type of email, go to your account on your own to see what the issue is and DON’T click the link in the email to see your account, okay?! Got it?

Examples from cert.org

  • email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this
  • email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

If you get such an email, DON’T click any links to reset your passwords! Someone is monitoring this and will have access to your accounts.

This is just the beginning of ways to protect yourself, but it also accounts for the most common ways your own email is being used against you. If you think “that’s odd,” it likely is. Don’t let your common sense and your gut checks stop when it comes to email!

**This just in! If you have an iPhone, update it today (October 25, 2016) to iOS 10.1 — there is a very bad new exploit that needs to be patched immediately. Just looking at some web images can infect your phone! Article link: Security Warning: Update Your iPhone’s iOS Now. Like, Right Now.**
