Phishing e-mails are sent by scammers to get you to do what they want: click on a link or call them. The scammers design these e-mails to get you to give them your login credentials, personal information, or money. The scammers purchase legitimate e-mail addresses that have been hacked or stolen from e-mail service providers.
Phishing is, and will continue to be, the cyber-criminals' favorite mode of attack. The reason is that it’s easy to dupe even the smartest person with a cunning e-mail that looks as if it came from a reputable company. Attacks are becoming more creative. Spoof e-mails have become more difficult to differentiate from authentic ones.
DO NOT FALL FOR THEIR REQUESTS FOR YOU TO CLICK!
- Phishing e-mails can deposit malicious software (Malware) on your computer if you click the attachment.
- Phishing e-mails can steal your sign-in credentials for your online accounts if you click on the link in the e-mail. Sometimes they claim the security of your account has been breached.
- Clever subject lines, such as “changes to your health benefits”, “unusual login detected”, “payment alert”, or “antivirus expiration”, con you into opening the e-mail and taking action. Deceptive links in the e-mail may send you to malicious websites. Images in the e-mail look like logos from reputable companies, such as PayPal, iCloud, your bank, Amazon, McAfee, or Norton.
HOW TO SPOT A PHISHING E_MAIL:
Some e-mail services spot phishing e-mails and route them to your spam/junk folder. Becoming more security aware can reduce your risk of acting on phishing attacks by 75%. To identify a phishing e-mail, look for:
- Who the e-mail is FROM: hover your mouse over the FROM name. If it did not come from the company in the message, it is a phishing scam.
- Check for bad grammar and spelling in the message. If it is not perfect English, it is most likely phishing. With the advent of artificial intelligence (AI) this past year, poor grammar is harder to spot.
- An urgency that scares you into action (“you will lose all of your files”), or a “too good to be true” offer of winning a money prize are other big clues.
A REAL-LIFE STORY: Your e-mails all redirected to the scammer…
This sophisticated phishing e-mail attack actually happened to one of my clients recently:
2. the .JSON file auto-plays in the next few days, and does the following nasty work:
⦁ creates a new e-mail address that looks almost like yours
⦁ sends an email to all of your contacts, asking for a response; the reply-to address is their newly created e-mail.
⦁ configures your e-mail to forwarding all of your new incoming e-mails to their new e-mail address.
⦁ filters all new incoming e-mails to your deleted/trash folder
3. You stop seeing new e-mails in your INBOX.
If this happens to you, call Linda to do the following clean-up and remediation:
1. immediately change the password for your e-mail account.
2. scan and quarantine all malware using AdwCleaner and Malwarebytes.
3. delete the SETTINGS option that is forwarding your e-mail to the scammer's e-mail address.
4. delete the SETTINGS option that filters all incoming e-mails to your TRASH/DELETED folder.
5. test sending an e-mail to your e-mail address to validate that it arrives in your INBOX.
6. examine the messages in your TRASH, delete those you do not want, and handle the rest. There will likely be many 'bounced' messages in the trash - one for each outdated address that could not be delivered.
If you are not sure if an e-mail is phishing, you can forward the e-mail to Linda at firstname.lastname@example.org for review.
I am committed to protecting your computers at an affordable price. Thank you for trusting me to keep your computers healthy. Contact us at 239-567-0104 to discuss joining our Learn Computer training, renew your protection software, or schedule computer and internet help.
By Linda Lindquist, October 16, 2023