Email is indispensable. Even if your line of work does not demand that you communicate via email, you still need email accounts to sign up for social media sites, shop online, access online financial accounts, subscribe to streaming services — you get the picture.
Email connects us to so many wonderful things, but it can also connect us to cybercriminals who intend to do us harm. One of the ways they do this is via spam — bulk unsolicited emails — that often contain ‘phishing’ scams, like thousands of fishing lines waiting for unwitting victims to take the bait.
Spam was first used as a marketing tool. However, with time, fraudsters started using it to scam recipients by mimicking emails from legitimate companies. It’s called phishing and it tricks users into opening malicious links or attachments. The fraudulent website looks like the real thing and gives visitors a chance to log in — that’s when access credentials are stolen. Once online thieves have this, they can loot your account and steal your identity long before you realize you’ve been tricked.
It is of paramount importance that you protect yourself from spam, but how can you tell a villainous email from an innocent one? Here are a few tips to keep in mind.
Before opening an email
#1 Check who the sender is
If you receive an email from an unknown sender or aren't expecting an email from that person, it may be best to mark the message as spam. This will declutter your inbox and reduce the risk of falling for a phishing scam.
Sometimes, fraudsters impersonate people or companies you know. To avoid getting scammed, hover your mouse over the sender’s name until you see his or her email address. If the address has a string of numbers or a domain (i.e., the text after the “@”) that’s unfamiliar or misspelled, mark the email as spam.
Many spammers send messages from email accounts they’ve hacked. So you may even get emails from people in your circle who’ve been compromised. This is why it's good practice to verify the message with the sender of the email before opening it.
#2 Judge an email by its subject line
Avoid opening marketing and promotional emails you didn’t opt into or aren’t expecting to receive. Being vigilant about what you sign up for — whether it's sales offers, free trials, or online purchase order updates — will make it easier to identify potential spam.
Be especially wary of security alerts with the subject line “Your Account Needs to Be Updated.” Cybercriminals may imitate emails from sites such as PayPal to phish for your account credentials.
Instead of opening the email or clicking on the link inside, open a separate tab, manually type in the URL, then log in as normal. If you’re able to log in without any problems, delete the phish-y email immediately. If you’re not able to access your account, go through that site’s password retrieval process. IMPORTANT: Never use a password reset link from an unsolicited email.
Bonus tip: It pays to be familiar with a site’s forgot-your-password procedures. For instance, PayPal requires multi-factor authentication when users make password change requests, so be alarmed if you're not asked to take extra steps when you’re supposedly changing your password.
After you’ve opened an email
#3 Watch out for generic greetings and typos
Reputable sites tend to use email automation so that you are greeted by name at the beginning of the email. “Hi valued customer,” or even “Hello,” should alarm you, especially when you’ve been greeted by name before.
Additionally, check for misspelled words in the body of the email. Spammers often use typos and odd phrases to bypass spam filters.
#4 When in doubt, don’t open attachments
Email attachments are the fastest way to infect your device with malware, so if it’s unsolicited or you’re unfamiliar with the file type, don’t download it. If you must open it, scan it for viruses first.
#5 Double-check the URLs in provided links
Hover your mouse over a link to see where it actually leads. For example, this link — www.google.com — doesn’t actually lead to Google. If the hyperlinked text and URL don’t match, don’t click on it.
Sometimes, links from an unsolicited or dubious email may look legitimate. It’s better to be safe than sorry, so instead of clicking the link, type the URL into your browser's address bar. For instance, if you receive an email from Adobe offering Photoshop software with a too-good-to-be-true 75% discount, it's best that you go to Adobe’s official site and check if the promo is legitimate.
An ounce of prevention is worth a pound of cure. Many SMBs and enterprises in San Jose and the San Francisco Bay Area count on USWired to protect them from malicious spam — talk to us to receive your free consultation.