Email phishing has been an ongoing problem for years. Scammers convince vulnerable individuals to click on links within those emails, where they may immediately download a virus or provide compromising personal or login information to the scammer.
Now, with COVID-19 causing fear and even panic across the United States, there are more phishing threats out there than ever. Worse, many scammers are preying on the vulnerability people already feel related to the pandemic and taking advantage of it to convince them to allow those viruses into their lives.
Recognizing Phishing Emails
One of the most vital things the average person working from home is learning how to recognize common scams, including phishing emails. Some scammers have grown incredibly talented at producing emails that look like the “real thing.” They may perfectly mimic emails coming from companies you patronize, including PayPal and Amazon. Even the “sender” you can view in your inbox may look like the real thing.
By learning how to recognize phishing emails, however, you can protect both yourself and your family members. Phishing emails:
Often contain outlandish promises or demands. Scammers may promise a “cure” for COVID-19 or a “surefire way to avoid the virus.” They may contain links to products or services that you do not recognize. Always double-check any information promising something incredible, especially if it doesn’t seem to be in line with what you’re hearing from other sources.
Demand personal information. Most of the providers that you work with on a daily basis aren’t going to ask for your personal information. Unless you’re working directly for the company that’s shipping you materials, that company does not need your social security number, and probably doesn’t need your date of birth. If you don’t recognize the purchase, there’s probably no need to provide “alternate payment information.” In fact, even if you do recognize the purchase, you should contact the company’s customer support team directly, rather than simply assuming that you need to send in more information.
Attempt to create a sense of fear. “Your account has been compromised! Click here right now to avoid having your access cut off.” “Someone has made a really large purchase on your account that doesn’t seem normal for you. Click here to respond and make sure you don’t end up responsible for a huge purchase.” “There’s something wrong with your account!” Sound familiar? Scammers want to create a sense of urgency that will convince you to respond immediately, without taking the time to think it through.
Do not actually come from a reputable source. Hover your pointer over the top of the “sender” line in the email. Does it still look like it comes from a reputable source? Often, those emails will come from random email addresses that are little more than a collection of letters and numbers–nothing like the authoritative, recognizable email addresses you’ll usually see from the companies you interact with most often.
Use a generic identifier. Instead of identifying you by name, a phishing email may identify you by “valued customer” or “sir or madam.” A genuine email from a company that you interact with regularly will most often contain a personalized salutation.
Send you to the wrong URL. If you hover over a link, rather than clicking on it, you will be able to see where that link leads. If it’s not a legitimate site, the one that you recognize as the one you’ve always done business with in the past, chances are, it’s not a legitimate email.
Are more likely to contain serious spelling and grammar errors. For many scammers, English is a second language. Others may attempt to turn out emails so fast that they don’t have a chance to proofread properly. Legitimate emails from the companies you follow may contain some spelling and grammar errors entirely by accident, but scam emails are often riddled with them. If you notice multiple spelling and grammar emails in an email, you should take a closer look at it.
Protecting Yourself Against Phishing Emails
Phishing emails can cause substantial problems–but only if you fall victim to those scams. To protect yourself, make sure you’re following these critical steps.
1. Never click on a link directly from an email unless you know where it’s coming from. If an unsolicited email arrives in your inbox, begging you to check out some specific piece of content, avoid clicking on the link. That email is more likely to contain spam, and the link could lead you to a virus-laden site that will quickly infect your machine. When in doubt, enter a known web address directly into your web browser. Do not simply copy and paste an unknown or unfamiliar web address from an email.
2. Check for the secure icon alongside web addresses if you do visit a website. The “secure” icon appears as a lock, indicating that you’re visiting a secure website. In the absence of that icon, you are probably visiting a scam site.
3. Avoid giving out personal information via email. If you receive an unsolicited email, do not simply give out personal information, including your name, address, account information, or payment information. If you do receive an email that you think comes from a legitimate source, and it asks for private information about an account or about your payments, call customer service directly. Get the email straight from the company’s website, rather than taking it from the email. If customer support legitimately needs information from you, they should be able to identify it when you call in, and you will avoid mistakenly giving your information to a scammer.
4. Delete the email. If you do receive an obvious phishing email, there’s no need to panic! That email cannot hurt you by its mere existence, and as long as you don’t click on anything in the email or download an attachment, it can’t mystically transfer viruses to your machine. When in doubt, delete the email. There’s no need to keep the email in your inbox, where you might later respond to it by mistake. Instead, go ahead and delete it, then go about your day.
5. Avoid downloading unsolicited attachments from an email. If you do not recognize the sender in an email, or if you find that you have received something you didn’t expect from an unusual source, do not download the attachment. Keep in mind that most organizations will not send out attachments, especially attachments that you do not recognize or did not ask for. Any time an attachment appears in an email from an unfamiliar source, do not download it.
6. Keep an eye on your bank account or credit card statements after making a purchase online. Consider using a single payment source, such as a specific credit card, when shopping online. Using an online payment service, including PayPal, can help provide an additional layer of security that will help keep your payment information safe; however, not every site will allow that security. Scammers, in particular, want you to input your credit card information directly. If you make an online purchase, keep an eye on your statements for a while.
7. Look for the secure payment icon before making online purchases. If you do not see that important “secure” icon at the top of the page, it’s not a safe place to input payment information. Look for another source for your goods or services. Keep in mind that many scammers, right now, are offering protective equipment, selling miracle cures, or offering to provide services that businesses and private individuals desperately need in the midst of the pandemic. Unfortunately, those items may never actually arrive. If that secure payment icon isn’t there, avoid making the purchase.
8. Track purchases carefully. During the pandemic, more than ever, keep track of any purchases that you make, either on behalf of yourself or on behalf of your company. If purchases do not arrive in a timely manner, contact the company or, if needed, contact your credit card company to let them know about a scam. Many credit card providers offer protection that will help you get the funds you’ve spent back if you do not receive the items you ordered.
9. Report the email, if necessary. In some cases, you may need to notify someone–a government entity, your company, or the company the email came from, for example–about the spam you’ve received. If you’ve received particularly harmful spam or a threat that needs to be reported, do your research and report it to the proper individuals. If the email came through on your company email address, you may also want to report it to your company so that they can check the spam filters or make sure that it didn’t go out to anyone else–including someone who might have clicked on one of those links or downloaded an attachment.
Keeping yourself safe when you’re working from home can be more challenging than ever–and with the rise of the pandemic, scammers have found new ways to take advantage of vulnerable populations. If you need more help keeping yourself safe or learning more about security, both for yourself and for your company, contact us today to learn more about the services we can provide.