KIND-TECH CONNECT: Tips to Avoid Unkind Email Scams
Most of us receive a massive quantity of emails each day. Some may be from legitimate businesses or organizations we participate with and have elected to receive communications. But, many are unsolicited, and a few might even be dangerous.
I want to share some tips to help you discern if an email might harm your system. Or if an email might be phishing for personal or financial information that criminals or scammers can use.
Cybercriminals have two common goals. One is to convince you to click a fake link to infect your device with malware. The second is attempting to fraudulently obtain your data by posing as a legitimate, trustworthy entity.Malware may generate spam, lock your content, slow your device, or use your device to infect others. Some malware contains the intent to cause as much damage as possible. Other malware to generate money. If you want the malware removed from your device, you have to pay the criminal an exorbitant fee.
Criminals will go after your data seeking login details and financial information. Often these scam emails claim there’s a problem with your account. Of course, these links may be perfectly harmless but dig a little deeper before deciding to click if they seem suspicious.
This article will share some of the top tips for spotting suspicious emails or untrustworthy links.
We can see who the email is from in any email, typically at the top of the message. It’s important to note that if your email system defaults to showing you a name in the From field, you can click on that name to see the actual email address behind it.
If you see just a name, please understand that an individual or source can easily fake it. Think of the From Name similar to the From Address on a piece of mail in your mailbox. It may be the name of who it is actually from, but it could also be a fake name. The sender can write anything on the envelope, and it will still arrive in your mailbox. The same is valid with the From Name in an email.
The next step is to review and analyze the From Email Address. Take your average email structure: firstname.lastname@example.org. Scammers can make this a little tricky by taking a related, legitimate-looking word and adding it to a genuine URL. The critical part of the email address to notice is the portion between the @ sign and the .com/.org/.co/.net/.edu (or alternative extension), with particular attention to what is just before the extension.
I’ll give an example to dive a little deeper. If I receive an email and the From Name is Mickey Mouse, I may get the feeling that the email is a little suspicious (since Mickey and I have not talked in years). So, I click on the name to see the From Email Address. If the address is email@example.com, things look legit, and maybe my friend Mickey has decided to reconnect.
However, if anything is visible between the @ and the .com other than “Disney,” I had better investigate further.
- If the email is from firstname.lastname@example.org, I’m still ok. An email address ending in disney.com is from the Disney mail server, even though there are added words before the .disney.com
- If the email is from email@example.com, this is suspicious. This email is from the houseofmouse.com server
- If the email is from firstname.lastname@example.org or email@example.com, also suspicious. These are not the official domain for Disney. Disney is a big company and would not use any domain other than their main domain address for communications from his majesty Mickey
- Watch for apparent typos in the domain name, like firstname.lastname@example.org, which does not cut the cheese
In summary, the quickest way to spot a potentially troublesome email is to check the From Email Address and confirm the domain appears valid. The .com or other extension is one from which you would expect to receive this type of email.
Some other essential things to check out when confirming the validity of an email:
- Watch for spelling errors and typos in the message (this is a pretty sure sign that something is amiss)
- Keep an eye out for bogus links within the message. Like the way we check the email address, another common trick to misdirect you into thinking a fake link is real is adding extra words into a URL. For example, realbusiness.com becomes realbusiness.com.extrawordhere.com
- Pay attention to button links. Any individual with IT experience can hide a spoof URL inside a button. Often, ‘ Book Now’ buttons are used to do this in scam airline emails. Sometimes just clicking on one of these links can be enough to ping some malware into your device. Still, often they take you to a landing page designed to look indistinguishable from the real thing and try to coerce you into clicking more or sharing personal information or passwords
- If an email is suspicious, do not click any Unsubscribe link in the email (this is just another way the Mickey imposters can lure you in). Instead, block the address and delete the email
- Contact the Organization. The most surefire way to know if a link is valid or not is to contact the business that supposedly sent it. “Hey Mickey, I’m so glad that you reached out. I just wanted to confirm that the email I received was you and not something goofy.” Just make sure when you contact the organization, you use a known email address or information from their official website (don’t click “reply” to the email in question)
These are just a few of the quickest ways to spot problematic emails. Take care of yourselves, Kindness Family! And to be sure that you ARE receiving emails that you do want to see, add the addresses of trusted senders to your contacts or mark them as safe. Messages from our domain @kindnessmatters365.org often find their way into Spam or Junk Mail — we’d love for you to add us to your contacts or safe lists so that we can continue to share all-things Kindness with you!
Author: Shari Kline, Resident IT GURU