Gone are the days when we only needed to be wary of generic emails from unknown senders. As consumers and employees get cyber-savvy, criminals up their game by adding a personal touch to email and phone scams.
Scammers are now doing more background research, getting to know more about email addresses, and working to establish trust with consumers. Because scammers are doing more, now everyone needs to be on the lookout for personalized scams.
Here are some reminders of what makes an email suspicious:
- Check who the e-mail came from. Do you know who they are? An unknown sender or domain could be an indicator of a malicious email.
- Check for urgency or threat of legal action. Some emails use pressure tactics, consequences, or threats of legal action to convince you to open an attachment or to provide personal information. Be on the alert for time-sensitive messages or final notice statements.
- Check the Links/URLs. If you hover over a link for a second before clicking on it, it will show you the address for the link. If the address does not point to a location that is labeled similarly to the text of the link, it may be malicious. Here are examples of links that indicate questionable intent: Google and Google. Although neither of the links we have provided are malicious, you should not click on links that take you to an unexpected site.
- Check for poor spelling and bad grammar. Many phishing attempts are quickly put together and come from countries where English is not the primary language.
- If it seems too good to be true, it probably is. Here is an actual message someone reported: ‘Please Kindly advise if your company has a trade license and capability to execute a mutil million contract project for the Government of Libya.’
- Check the address before you reply. When you click Reply on an email, the address you are sending to should be the same as the original sender. For example, if you get an email from Your.Coworker@teldta.com and your reply is being sent to firstname.lastname@example.org, it’s a phishing attempt.
- Check for suspicious attachments. Attachments that contain malicious software are often given generic or random files names, like invoice.pdf or F5JD8FNM.DOC.
- Don’t open that attachment or click that link! If anything mentioned above makes you question the email, don’t open the attachment or click the link.
by William Murray and Vickie Lubner-Webb, TDS security team