Don’t get phished in by fake emails

Fake Emails or Phishing

Malicious emails are usually called phishing emails. The emails purport to be from a legitimate company or person and are designed to either obtain sensitive account information (like bank account details) or to get you to click on a link that will send you to a malicious web site.

The picture below is of a phishing email purporting to be from the Canada Revenue Agency but the actual sender address is clearly not from the government. The subject line suggests it is a money transfer (everyone loves getting money from the government). While the email was sent directly to my business email address, the body of the email is not addressed to me. And the link is not actually going to a legitimate web site. And there’s a spelling mistake.

[Image: phishing email]

A little more sophisticated than the Nigerian prince with funds he wants to share.

Business losses to phishing

Businesses are losing tons of money from these phishing emails. Publishing giant Condé Nast got hooked for $8 million in 2010. And the massive breach at Target may have started with a phishing attack.

So how do you identify the more sophisticated emails?

  1. Check the sender email address. Does it match who they’re claiming to be?
  2. Who is it addressed to? What email address was it sent to?
  3. Do the amounts make sense? See the “iTunes receipt” example below.
    [Image: iTunes phishing]
  4. Are there spelling and grammar mistakes?
  5. Where do the links go? See my YouTube video on how to spot phishing emails for a safe way to figure out where the link actually goes.
  6. Does the email ask for account information like bank account numbers or passwords?

If you are suspicious of an email, call the sender. Don’t click the links. Delete it immediately.