According to the 2020 Verizon Data Breach Investigations Report (DBIR), the two most frequently used methods for hacking a company and stealing their information over the past year were phishing and use of stolen credentials (think user IDs and passwords).
Both methods actually go hand-in-hand. A hacker, utilizing social engineering techniques will send a specially crafted email that pretends to be from a company you do business with. In the fake email, the hacker will include some wording to make you believe that your account has been hacked (the irony!) and that you need to click the included link to reset your password.
Another method commonly used is crafting an email that purports to be from Amazon, UPS, or FedEx that has you click on a link to get the latest tracking information on your recent purchase. Since we are all shopping online, it is understandable why someone may fall for that trick. Unless of course you teach employees in your business or family members at home how to spot a fake email.
COVID-19 emails are making the phishing rounds too. If something is making headlines, it will make its way into a hackers social engineering toolbox! Watch out for election scams next!
How to spot a fake email
Let’s talk about some red flags in phishing emails. Red flags are things to look out for that should perk your investigative senses up to someone trying to trick you.
- When you get any email that asks you to click on the included link to do anything. This is kind of tricky because we all send emails with links in them, especially when we are trying to share something we think would be beneficial to others. Don’t click on the link!
- Look for wording that indicates immediacy. For example urgent, now, immediately, etc. Take a deep breath and think about someone trying to trick you!
- Look at the email sender’s address for misspelling or wrong addresses. For example, an email from Amazon.com would be support@amazon.com. Not, support@IThelpdesk.com. Sometimes you need to move your cursor over the top of the email address or tap on an email address to see the full email address.
- Just like with the email address, investigate the link address by moving your cursor over the top of the link address to reveal the true link address (this works best on a computer as compared to a mobile device).
- There will probably be misspellings and broken English. This may not always be the case, but most fake emails fall into this category.
- There may be an attachment. Don’t open the attachment!
But what do you do if you think the email may be legitimate? Go to the company’s website directly (NOT by clicking the link!) and log in to your account to see if you have any messages. Remember, don’t click the links or open attachments from the email. And if the email is from a “friend” call or message them to see if the email they just “sent” you is legitimate.
Now that you know how to spot red flags that identify fake emails, hopefully you will take a little more time reviewing any email that arrives in your inbox. You may just save you, your family, and/or your company from being the next hacking victim. Share your new knowledge and teach others how to spot fake emails and not become a hacking victim.
Source: 2020 Verizon Data Breach Investigations Report (DBIR)
Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents, to teachers and students. Sign up for our free resources to help you navigate today’s digital world with cyber ethics. See more cyber safety and cyber ethics blogs produced exclusively for EarthLink. Looking for a social media parental control? Try a 30-day free trial of Bark. If you sign up after your trial, Bark donates 25% of your monthly fee to Savvy Cyber Kids.
Thank you to the Savvy Cyber Kid’s sponsors!
Interested in becoming a Savvy Cyber Kids sponsor? Email Ben Halpert.