I checked my email over the weekend, and amid the usual promotional messages, reader letters, PR content, and obvious phishing attempts in my inbox, there were a few emails related to my YouTube account. Recently, Google warned that hackers were sending phishing emails to YouTube creators, offering antivirus software in exchange for a review on the channel. The antivirus was, in fact, malware designed to steal passwords and browser cookies, which can also hold login credentials.

4 Tips for Opening Cold Emails in the Phishing Age

Just to be safe, I didn’t open the messages or click on any links in the YouTube-related emails, but it occurred to me that identifying legitimate contact is difficult in the age of frequent phishing attempts. PCMag lead security analyst Neil J. Rubenking wrote about this quandary recently after helping a friend figure out whether an email purporting to be from Facebook was a phishing lure. In the end, that email turned out to be a real marketing message from Facebook, but he had to go through several steps to determine the message’s legitimacy.

Facebook keeps a list of verified correspondence in the account area of your profile, so it’s easy to match emails you receive in your inbox with the messages you see from Facebook in your account. But what if you want to verify that an email came from someone you know and contains safe links? The US Federal Trade Commission offers a few steps you can take to stay safe:

  1. Look at the From email address. If you don’t recognize the address or the sender, think twice about opening any links contained within the email.
  2. Spot a generic greeting. A business email usually won’t begin with a casual greeting such as, “Hi Dear.” An email from a friend usually won’t spell your name wrong or address you with an honorific like “Mr., Mrs., or Miss.”
  3. Look at the link URLs. Mouse over links before you click on them. Your browser will reveal the web address for each one. If the link looks suspicious (for instance, a link purporting to be from Netflix takes you to an entirely different domain), don’t click on it! Delete the email or report it as spam and move on.
  4. Be wary of any emails that invite you to click on a link, whether to update your payment details, update your account information, receive a coupon for free stuff, or examine an invoice you aren’t expecting.

How to Combat Email Phishing Attempts

  • Use security software. The best antivirus and security suites have phishing protection built right in. Set the software to update automatically and run in the background to protect you from phishing attempts.
  • Use multi-factor authentication everywhere you can online. Even if a scammer manages to get a hold of your username or password, if you set up multi-factor to be something you have (a hardware security key or an authenticator app passcode), or something you are (a scan of your fingerprint, retina, or face), it’s harder for the bad guys to log into your accounts.
  • Back up your data. Copy your important documents and information regularly and store them on an external hard drive or with an online backup or storage service.



Kim Key, Excerpt from “Don’t Get Caught! How to Spot Email and SMS Phishing Attempts”, pcmag.com, Nov 3rd, 2023