It’s that time of the year again! Holiday festivities are in full swing, tax season is right around the corner, and email scammers are seemingly working overtime to ply their nefarious trade. Email scam attempts happen every day, but they seem to gain extra media traction during this time of year. While news resources do a decent job of reporting on the major scams, their advice on how to avoid them and protect ourselves is sometimes lacking. As such, we at CTTS would like to take this time to refresh each other on the major types of email scams out there and how to best protect ourselves.
Phishing
Phishing emails are attempts to procure sensitive or personal information from the recipient. After establishing contact, the scammer will attempt to gather items like usernames, passwords, legal names, social security numbers, or banking/other account information. These emails will often originate from legitimate looking senders (like the IRS or Apple Support), and will often include links to web pages and/or forms (where is most of the information collection occurs).
Spear Phishing
Very similar to a phishing emails in their goal, but highly customized in their approach. Phishing emails are akin to casting a net into the ocean – cover enough area and you are bound to catch someone. Spear Phishing is a very targeted approach, where the emails are crafted specifically for the target in question – be it an organization or an individual. Emails of this nature will usually appear to originate from a group or person in a position of authority that the target is familiar with (for example: fake emails from a boss).
Spoofing
Spoofing is pretending to be someone or something that we are not. Though not a type of attack unto itself, per se, it is a key component of most electronic scams. Altering your email name so that all mail from you appear to be from someone else an easy and often employed tactic. More advanced scammers are able to mask their originating email address and subsequent IP traffic chain to add further legitimacy to their scams.
How to Protect Yourself
Now that we are aware of the most common scam emails we are likely to see on a regular basis, let’s take a look at how to safe guard ourselves against them.
1) Take you time! Most scam emails are relatively easy to identify. We’re all busy than we want to be sometimes, but take a few extra seconds to review what just hit your inbox before clicking reply
2) Check the sender! As mentioned, it is quite easy to change the name associated with a sent email. I could very easily send you an email from your boss right now if I wanted, but in name only. The email address of the sender is both stand alone and web based mail clients. If the mail address doesn’t match the send, that’s a big red flag.
3) Process the request! What is the email asking of you? If the message is a simple one or two lines prompting a response they are likely just looking for active emails. Replying to a simple “you there?” email is doing nothing but confirming yourself as a target. Requests for money or forms to fill out online are also giant red flags.
4) Ignore/Report/Delete! Once an email is identified as bogus, feel free to simply delete it, mark it as spam, report it (to your IT administrators, Google, etc.) No harm will come of sending that junk to the trash where it belongs.
5) Ask! I cannot stress this one enough – ask IT professionals like CTTS if you are unsure about an email you receive. Better safe than sorry!
contact CTTS at (512) 388-5559
By Brandon Kaylor
Desktop Support Technician
Central Texas Technology Solutions