Learn to Spot a Scam – Email Edition
One of the easiest ways for hackers to gain access to your company network is through individual employees. How well can you and your business employees spot a scam? This month the ransomware called CryptoLocker is making the rounds again in a massive way. Ransomware takes over a computer or a network and demands money in exchange for unlocking your files or system. CryptoLocker infections went from just a few a day to over 400 a day last month, and continue to rise. Hackers change their methods frequently in order to get people to fall for their scam, but there are a few things you can do to make sure you never fall for one!
Ways to spot a scam
- Poor grammar. No matter how many times I see a different kind of scam email going around, there is almost always one thing they have in common, and that is poor grammar. Sometimes it’s completely obvious, and others it’s more subtle, but there is almost always a grammar mistake at some point in a scam email.
- Not enough information. In many scam emails, they want you to click their link or click their attachment. One surefire way to get you to do this is to give you just enough information to make you NEED to click to find out more. An example of this is an email that tells you a bill is due, or that you have a package coming and they can’t deliver it, but you need to click the link or attachment to find out the amount or find out what kind of package it is. Most legit invoice emails will be from a business you are already dealing with, and you will be expecting them.
- It’s scary. A really successful tactic is to scare you into clicking their link or attachment. This is really common with Facebook. You will get an email saying your Facebook page will be shut down due to inappropriate content, and you need to click the link to verify your page. As soon as you click the link and log in, you have granted access to the hackers. This also covers emails appearing to come from your bank, the IRS, or another government entity. There’s nothing scarier than being investigated by the IRS or the FBI! I promise, they won’t come after you via an email. If they show up at your door though, that’s a whole different story.
- Check the links. When you hover your mouse over a link inside an email, often a small text window will pop up that will have the URL you will be directed to if you click the link. Make sure the links are pointing to a familiar website. The Facebook scams can be tricky because they can still use a facebook.com URL if the scammers have used a Facebook app to create their scam.
- Look at who it’s from. When you are looking at your email, you can usually expand the part that is called the “header” where the from and to email addresses are visible. You can check here to see if it’s really from someone you know, or if the address is spoofed. A spoofed email address can appear like [email protected] <[email protected]>. This means the message is made to look like it was sent by a friend, but when you look at the address it’s actually coming from, it’s a scammer’s address.
- It’s too good to be true. You’ve heard the phrase “if it’s too good to be true, it probably is” and this is especially true with email scams. Most opportunities of a lifetime aren’t going to come from some random person you’ve never heard of via email.
- Verify anything suspicious. If you get an email from a friend with a strange attachment or link, or one that just doesn’t quite sound like them, send them a quick email back asking if they really sent the previous email. It NEVER hurts to be positive it’s really from a friendly source before you open any attachments, or send any money to a friend in need.
The best thing to do though, when presented with a suspicious looking email, is take a few breaths and ask yourself “would they really do this over email?” and ALWAYS err on the side of caution. I would much rather have not responded to an email and get a follow up later asking for a response than to be the person that brought down my entire company’s network.
Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelor of Science degree in Business with an emphasis in Information Technology (IT). He is an IT Services expert in a variety of technology-related fields. Some of these fields include document management software/hardware, enterprise-level networking and VoIP phone systems, as well as large-scale software implementation projects and the setup of small business networks.