Right now, we are seeing a global pandemic unheard of since the Spanish Flu in 1919. It is highly unlikely that anyone alive today experienced it and is now experiencing the COVID-19 crisis as well. In times like these, there are those out there who prey on the fearful, taking full advantage of the panic. In the modern day, technology is the means for scaring the unaware. All it takes is for someone to copy the body of an email message and switch over a few links, and there you have it: a spam or phishing email. One of our clients received an email from what appeared to be an insurance company claiming to have sent a fax.
What is the difference between a spam and phishing email?
Spam is simpler to define. Spam is a mass email sent as a means to get out unwanted content like newsletters, sale ads or chain forwards. If you signed up for a website or downloaded a smartphone app and are now receiving a weekly or daily newsletter, that can count as spam. A spam email does not have to be malevolent in intent, but if you're a party that didn't want to receive it, then it becomes unwelcome. Another example: your email address could have been compromised, and now you're receiving emails from a source that you didn't sign up for.
Phishing is malicious in intent and is an attempt to harm individuals financially. Phishing emails are copied from legitimate emails, with all of their content. The best ones copy over, word for word, disclosures from official sources, images and signatures. The most common type you will see is one sent from Microsoft to your Outlook email address, as it is the easiest to get access to. How is that, you ask? Imagine all the people you have in your address book and send emails to, and the email chains you send or are a recipient of. It's a chain of networks, and if someone gets compromised, there's a chance you will now be a target on someone's list. What is the best defense against a phishing attempt? Know how to analyze the email.
Here are some questions you can ask to analyze the email:
- Is it from someone you know?
  - Most try to get in by coming “From someone you know.” What I mean by this is, quite literally, the sender's address. Let's say you receive an email from John Doe in your organization. His in-organization email address is email@example.com, but the email you received came from firstname.lastname@example.org or email@example.com. That is the first thing you need to check.
- Were you expecting an attachment from the sender?
  - Some phishing emails contain attachments such as a document, Excel, or PDF file. Inside that attachment can be a malicious file like a trojan virus. Do not ever reply to or forward the email to ask the sender whether it did in fact come from them. Instead, take a screenshot of the body of the email and ask the appropriate sender address if it was from them.
- If there is an embedded attachment like a picture or hyperlink, hover your mouse over it.
  - Sometimes in these phishing emails, the predator will insert a picture, link or text that is embedded with a hyperlink that will take you to a website. Most of the time the link will appear normal, but will redirect you to a website like a Microsoft login page. An example of this is www.office.com vs www.office.phishingdomain.com/-iEAhug.
If you can train yourself to analyze these three things, you can catch any phishing email attempt before it takes you too far.