How to recognize phishing emails and other social engineering hacker attempts

Phishing email messages, websites and phone calls are designed to steal your money. Cyber thugs can do this by
installing malware on your computer or by stealing personal information from your pc.

Cyber criminals also use social engineering to convince you to install malicious software or hand over your
personal information under false pretenses. These confidence scams may include a call or email stating
your bank account is overdrawn, or the hacker might claim they are the IRS an you own them money.
They might email you, call you on the phone, or convince you to download something off of a website.

Sample of a Phishing Email

Here is an example of what a phishing scam in an email message might look like (without the yellow highlights, red lines and red CAP text)
visa_email_lrg
Trusted Company Logo. The attacker wants you to think the email is legitimate. They steal a logo of a company you know or maybe you even have done business with this company. It’s all part of the con.

Generic Salutation. Many times, these emails are sent to hundreds of thousands or millions of people.

Unprofessional Spelling and bad grammar. Cyber criminals are not known for their grammar and spelling. Professional companies or organizations usually have a proof reader that reviews mass emails prior to sending. If you notice mistakes in an email, it might be a scam.

Disguised Links. Carefully examine links in emails.  Don’t click on links! Hover your mouse over the link (but don’t click) to see if the address matches the link that was typed in the message.  In this example, “visa-secure . com” is not the same as Visa’s “visa . com”. Some links might lead you to *.exe, *.zip or other files. These kinds of file are known to spread malware.

Urgent action or threats. Have you ever received a threat that your account would be closed if you didn’t respond right away by clicking a link?  The cyber criminals often use urgency or threats to make you believe your security has been compromised.

Phishing phone calls. Hackers use social engineering to trick you into providing information over the phone. Someone may call you on the phone and offer to help solve your computer problems or sell you a software license. Microsoft does NOT make unsolicited outgoing calls to make software fixes!

Typically, when the hackers have gained your trust, they convince you to give up your user name and password or direct you to  a website to install software that will let them access your computer to fix it. If you do this, your computer can easily become “owned”, aka under the attackers complete control. Do NOT give out personal or private information over the phone from an unsolicited caller.

Report phishing scams. Report suspicious calls and emails to:  FTC Complaint Assistant form.

Contact Action Datatel for further information on Phishing prevention, privacy, security and compliance. 541-494-2099

Leave a Comment