PC Magazine
Published in

PC Magazine

Don’t Get Caught! How to Spot Email and SMS Phishing Attempts

Phone and email scammers are running rampant. In this edition of SecurityWatch, we analyze some real-life phishing lures and tell you how to stop scammers in their tracks.

By Kim Key

I checked my email over the weekend and amid the usual promotional messages, reader letters, PR content, and obvious phishing attempts in my inbox, there were a few emails related to my YouTube account. Recently, Google warned that hackers were sending phishing emails to YouTube creators, offering antivirus software in exchange for a review on the channel. The antivirus was in fact malware designed to steal passwords and browser cookies, which can also hold login credentials.

Opening Cold Emails in the Phishing Age

Just to be safe, I didn’t open the messages or click on any links in the YouTube-related emails, but it occurred to me that identifying legitimate contact is difficult in the age of frequent phishing attempts. PCMag lead security analyst Neil J. Rubenking wrote about this quandary recently, after helping a friend figure out whether an email purporting to be from Facebook was a phishing lure. In the end, that email turned out to be a real marketing message from Facebook, but he had to go through several steps to determine the message’s legitimacy.

Facebook keeps a list of verified correspondence in the account area of your profile, so it’s easy to match emails you receive in your inbox with the messages you see from Facebook in your account. But what if you want to verify that an email came from someone you know and contains safe links? The US Federal Trade Commission offers a few steps you can take to stay safe.

  1. Look at the From email address. If you don’t recognize the address or the sender, think twice about opening any links contained within the email.
  2. Spot a generic greeting. A business email usually won’t begin with a casual greeting such as, “Hi Dear.” An email from a friend usually won’t spell your name wrong or address you with an honorific like “Mr., Mrs., or Miss”.
  3. Look at the link URLs. Mouse over links before you click on them. Your browser will reveal the web address for each one. If the link looks suspicious (for instance, a link purporting to be from Netflix takes you to an entirely different domain), don’t click on it! Delete the email or report it as spam and move on.
  4. Be wary of any emails that invite you to click on a link to update your payment details, update your account information, receive a coupon for free stuff, or include an invoice you aren’t expecting.

How to Combat Email Phishing Attempts

Even the most vigilant email user can be caught unaware by a malicious link in an email. Add extra layers of protection to your online life so you can mitigate the damage done by scammers.

  • Use security software. The best antivirus and security suites have phishing protection built right in. Set the software to update automatically and run in the background to protect you from phishing attempts.
  • Use multi-factor authentication everywhere you can online. Even if a scammer manages to get a hold of your username or password, if you set up multi-factor to be something you have (a hardware security key or an authenticator app passcode), or something you are (a scan of your fingerprint, retina, or face), it’s harder for the bad guys to log into your accounts.
  • Back up your data. Copy your important documents and information regularly and store them on an external hard drive or with an online backup or storage service.

Phishing on Your Phone

After chatting with some of my PCMag colleagues about phishing, they noted they’ve been plagued with SMS phishing attempts recently, also known as “smishing.” Here are some examples of smishing, one is an attempt I received last year, and another that a coworker received recently:

If you aren’t careful, these types of messages may fool you into giving up valuable information about yourself or downloading malware onto your phone.

Both messages came from an unknown phone number. Both requested action related to a finance-related problem, and both contained suspicious links. The first message is from an unknown company about a product I’ve never purchased, and the use of the bit.ly link shortener is a common way for smishers to encourage their victims to click. The Citibank message is worrying because the link address is slightly off, featuring a dash instead of a period between “support” and “citi.”

For years, security researchers, including Andrew Conway, have noted that SMS spam could be curtailed by mobile carriers if they stopped offering unlimited texting plans. Until that happens, the best way to fight back against mobile spam in the United States is to forward the messages to short code SPAM (7726).

Originally published at https://www.pcmag.com.

--

--

--

PC Magazine: redefining technology news and reviews since 1982.

Recommended from Medium

Top Zoom Tips for Better Videoconferencing in a Locked-Down World

10 Tips to Master Your HomePod and Get the Most Out of It

What I lost when my computer crashed

Gloves and Random Movie Nights

It’s time to move on

Announcing Explorer Awards by Filecoin Foundation and Unfinished

=Photography do’s and Don’ts

Top Future technology Predictions in the Tech World

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
PCMag

PCMag

More from Medium

AnyCOLO the Unique VPS (Virtual Private Server) Provider

FTC to US Companies: Patch Log4J Flaw or Face Legal Action

Smartphone photography: trading resolution for emotion

5 Ways to Protect Your Phone’s SIM Card From Being Hacked