Email Phishing, Spam, Passwords and Safety Tips

One of the biggest problems with having an email is getting spam, but it’s not as bad as phishing.  If you think getting too much spam is bad, then you probably know that phishing is more like a horse kicking you up and down while you have your hands handcuffed to a wall.  Sorry to be so graphic, but it can get pretty bad, so be cautious and don’t fall for the trap.

The basic habit is to avoid clicking on links from an email.  Maybe 75% of the time you are totally fine.  This can be tricky because you get a message from a friend or co-worker with a link to a funny YouTube video or some website, and you trust these sources and the sender.  But then (dramatic music) you get what seems to be a normal email that is actually a phishing scam, and you can’t really tell the difference.  The best way to find out is: “Don’t click on it”.  Here’s a good example: Facebook, PayPal, Google, Twitter, YouTube, Amazon, your bank, or your favorite social networking site tells you that they’re doing a major upgrade and need you to sign back in and reset your password, or that you need to click on a link and log back in to the site to fix a major security problem.  So what do you do?

The simple thing to do is go straight to the source.  Go to the app and don’t trust the email.  Try to look at the link and Google it, or go straight to the company’s URL by typing it into the search bar.  Don’t click on links from your email, and don’t copy and paste a link when you have no idea where it might take you.  Type in the URL or use personal bookmarks so you can go straight to the sites that require a login and password.

One simple way to check if the URL might be fake is to hover over the link with your mouse; you will notice that the button doesn’t go to the right link.

Take this example of a “Respond now” button on eBay; it could just as well be Amazon, your bank account, Facebook, Instagram, et al.  It’s easier to see this on a desktop: the bottom of the web page will show the link when you hover over it.  So you might see something shady like www . sign-amazon-com-very-safe-com.com for a fake Amazon website that is trying to steal your password.  These are the bad guys, and they are getting better at scamming, especially when they have realistic images and even know your username or preferences.
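The hover check described above can also be done mechanically on the HTML of a suspicious email. This is an added example, not part of the original post: it lists each link’s real destination and flags links whose visible text names a different site, or whose host contains a brand name without belonging to that brand. The `BRAND_DOMAINS` allowlist, the `example.net` host and the sample email are assumptions made up for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAINS = {"amazon": "amazon.com", "ebay": "ebay.com"}  # assumed allowlist
# Constructed sample email body; the first href is the fake domain quoted above.
SAMPLE = """<a href="http://www.sign-amazon-com-very-safe-com.com/login">Respond now</a>
<a href="http://account-check.example.net/reset">www.ebay.com</a>
<a href="https://www.ebay.com/help">www.ebay.com</a>"""

def host_of(text):
    """Hostname of a URL-like string, or None for ordinary text."""
    if " " in text or "." not in text:
        return None
    try:
        return urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None

def belongs_to(host, domain):
    # True when host is the domain itself or one of its subdomains.
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return (reason, href) pairs for links a reader should not trust."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real, shown = host_of(href) or "", host_of(text)
        # The text shows one site but the link goes somewhere else.
        if shown and not (belongs_to(real, shown) or belongs_to(shown, real)):
            findings.append(("mismatch", href))
        # A brand name appears inside a domain the brand does not own.
        findings += [("lookalike", href) for brand, dom in BRAND_DOMAINS.items()
                     if brand in real and not belongs_to(real, dom)]
    return findings
```

Calling `audit(SAMPLE)` flags the first two links and leaves the genuine eBay link alone, which is the same judgment the hover check asks you to make by eye.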

I have had a few occasions when some “fake” company website posing as a real one sent me an email saying that there was a major security “emergency” at a “real” company, so they wanted me to reset my password with a link.  I went to my “real” website directly without clicking on that link from the email, and logged in normally and nothing happened, no warning, it was a false alarm, and so I reported to Google that the email I got was phishing.

You might see this message if you are using Gmail.  They warn you of phishing and you can report it.

In this case, it was a person that never sent me an email before, but I talked with her on the phone and did not have to report phishing.  However, I do have a pretty good internet security program that warns me of bad links or prevents my computer from getting compromised.  So how do those phishing emails still manage to get away with this kind of scam, and why does it never stop?  Well, good question.  I see it as a virtual world, and the scam artist is taking everything to the digital world.

Take this photo for example:

This photo is a basic film set, but if you look at it from the phisher’s or hacker’s point of view, it’s not much different from a person pretending to work behind a building, as long as you don’t see what’s going on behind the doors or, in this case, on the side.  The front/face of the email looks normal, the signs and links look great, and you’re getting mail from a trusted source as you walk down the street.  All it takes is one password, your keys, or your credit card information; they tell you that they’ll be back, and then they have all your data and run off.  This is a nightmare for everyone, so make it a habit not to click on every email link but to go to the actual trusted websites.  Sometimes the website you are searching for can have issues as well, like expired security certificates or being compromised because of a faulty plugin or an easy password.

The only time that it will make the most sense to click on a link is when you actually forget your password from the website you are visiting and you choose to reset it.  Even in those cases, they might text you to reset it with a specific pin code.  In that case, you should get an email in less than 3 minutes. That email will usually be time sensitive and expire within an hour or less depending on the company.

There are lots of free website checkers that can help you tell if a site is bad before you even click on it.  Wikipedia has a good article on phishing and you should read it.  Phishing problems are serious and they have multiple names like clickjacking, confidence trick, internet fraud, and typo-squatting.  There are different variations of malicious and dangerous forms of illegal internet activity, and you should always be careful with links in your email.

There are a lot more security warnings and issues that I could probably talk about, but I’ll try to keep it simple, so here are a few more tips.

1.  You need to have a strong, complicated password. Don’t be lazy.
2.  You should change your password every year if possible.
3.  As much as possible, do not log in to your bank account or websites with financial data (eBay/Amazon/shopping sites) while using public Wi-Fi. Use your app if possible.
4.  NEVER save or store your password on a public computer (if you feel uncertain, change your password).
5.  ALWAYS cover your pin pad in public even if nobody is around, cameras are always around you…that includes the ones that are not supposed to be there.
6.  If you have your passwords written down in a notebook or notepad, leave it in a safe place at home that only you will know by memory.
7.  NEVER use any sequence or pattern of numbers from your last four digits of your phone number, social security, ZIP code, address, and/or birth date.

Security is always changing, so check out new tips from recommended internet security consultants and look for experts who deal with the newest technologies out there. Good luck and stay safe!