Jun
16

Protect Yourself Against the Latest Email Scams

posted on June 16th 2016 byBryan Christensen in CHR News with 0 Comments

Email scams are on the rise, and getting more difficult to identify

There is a type of malicious email referred to as phishing that we’ve been seeing in increasing numbers over the past year, so we wanted to provide you some basic tips on general email safeguards.

Definition of phishing
Phishing refers to an email scam technique that is generally used to gain access to sensitive, personal information, to ultimately commit fraud and/or identity theft.

The essential pattern of most phishing emails
Phishing emails seldom contain viruses, so they’re difficult to filter out with technical means. Instead, we must rely on the user’s best judgement. Keep a keen eye out for emails that contain these red flags:

Spelling/grammar mistakes
Many of the people who create these emails do not speak English as their native language, so if you notice spelling and grammatical errors within the subject line or body copy, be wary.

May have links
Sometimes, but not always, phishing emails will contain links. A recent phishing email many people received claimed to be from the IRS, which contained a link that appeared to go to the IRS website. If you hover your pointer over the link, however, you will sometimes see that it doesn’t match the actual organization’s web domain.

Have a call to action; often for sensitive information
Phishing emails often have a call to action – such as “You must click on the link below and sign in to keep your account active.” This type of message often appears in phishing messages sent out claiming to be from large banks, retailers, and social media sites. Be very cautious here – when you click on that link and sign in, you may be unknowingly giving your username and password away to thieves – even if the site appears to look like the real thing.

Can appear to be from someone you know
Even more alarming is that recently, criminals have gotten very good at making emails appear to originate from people you actually know. Called spear phishing, these emails may even look like they’re coming from your boss or co-worker.

Example of an email received from one of our clients:
Hi [real employee name]
Please send me the list of W-2 copy of all employees’ wage and tax statement for 2015,
Kindly prepare the report in PDF and send via email.
Thanks,
[Real CEO’s name]

Because the recipient was cautious, and suspected the email was fraudulent, the request was rejected.

Basic tips to help protect you in your email endeavors

Always

  • Always be skeptical when people ask you to provide sensitive information. If in doubt, call (don’t email) the person or organization in question and get confirmation that the information contained in the message is valid.
  • Always delete email sent from unfamiliar sources that contain attachments. If you’re not sure what the attachment is, do not open it. If you recognize the source, but weren’t expecting anything – call to ask if they sent it and what it is.

Never

  • Never enter your username and password on a website you’re unfamiliar with OR that does not contain a valid security certificate – even if it looks legitimate. You can confirm the site is using encryption by looking for the lock icon in your browser. Every browser is slightly different, but here’s what they generally look like:

Google encryption bar

This is an encrypted website – note the lock icon next to the site address. When you click on the lock, you can get more details on the certificate, including this one, which shows that the security certificate is valid.

Example of encrypted site

  • Never open attachments from unknown sources. Even if you get an attachment from a co-worker, family member or friend, do not open it without confirming that they sent it. Viruses sometimes send email from the computers of people who have been infected, frequently without their knowledge.
  • Never follow links in emails that do not appear to go to the correct location. Hover your pointer over the link and read the address to see if it looks legitimate.

When emailing, always use your common sense, and ask CHR Creative’s IT help desk to help you evaluate any suspicious emails if you’re unsure. You can email us at support@chrcreative.com, or call us at 503.427.1808. We’re open Monday – Friday from 8AM – 5PM PST.

May these tips help keep you safe both at work and at home.

We would love to hear your comments