Special offer! Act fast! You’re pre-approved! Every time we open our mailbox at home, it seems we find these deals, applications or advertisements that we didn’t ask for. We easily recognize these mailings as junk mail. But they may be harder to identify when they arrive in our electronic mailboxes. We are now getting much more junk mail in our email inboxes and most of it is unsolicited. This is usually SPAM and/or Phishing (phishing is when you get an email that appears to be from someone you know and possibly trust, but it isn’t really from them). How did this happen? Can it be harmful? Can we prevent it?
To answer the last question first, not really. If you have an email address, it will get SPAM. We don’t really have to do much. We give our email addresses when asked at checkout in the store or online. We give it out to register for that vacation giveaway in the mall. We register it as a username to sign into an organization’s website. We share it with friends or associates to exchange email. Any of these methods could lead to emails being sold or stolen. For example, when your friend’s/associate’s email gets hacked, their address book of anyone they’ve sent an email to is available to the hacker.
So which emails are legitimate, which are advertising, and which are malicious? This is getting more and more difficult to decipher. But I’d like to cover a few methods that will provide you some good information to make an informed decision about whether to pay attention to an email, or delete it for good.
Your instincts can go a long way in alerting you to a malicious email. Here are 9 red flags that are important to pay attention to when reviewing an email to see if it’s SPAM/Phishing:
Misspelled words;
Poor grammar;
Different fonts or font sizes used throughout;
From someone you don’t know (e.g. an unsolicited email where you don’t know the sender) – although remember, your friends email could have been compromised so watch out for malicious emails as a result of that, too - you’ve received it as part of a larger group where you don’t recognize other email addresses in the “To” list, and/or it says that it’s been sent to “undisclosed recipients”;
Assertions that are too good to be true – for example, you’ve won the lottery, someone has a large sum of money that they want to send you, there is a new product that will cure male-pattern baldness, give you a 100% increase in energy/muscle-mass/performance/mental acuity/etc, or be your new best friend;
Try to get you act fast, not giving much thought to it – for example, limited time/quantity offers of success, money or supplies of goods; quick fixes to problems, or business proposals to a limited number of people;
Strike fear, or make you feel guilty to get you to act – for example, they know information about you that is condemning and responding to them will get it taken care of, your computer is infected with a really bad virus, your bank account or credit card has been compromised and they need your banking username/password or card number to confirm, or someone is in trouble and needs your help, your computer account has been hacked and you need to go a help-desk website to reset information;
Images look blurry, copied and pasted, off-color, or otherwise tampered with; and,
There are links or attachments that you need to open in order to get more information – most commonly infected files include MS Word documents, MS Excel sheets, PDFs.
Malicious emails come in many shapes and sizes. Many are readily ascertained as phony. However, the more devious ones look like they are from people or business with whom you associate. Recently, I was told about an individual who had a legitimate bill from a bank in front of them and received a malicious email that was made to look like it came from that same bank the same day. Although it was coincidence, the rate with which we receive phishing emails, they’re bound to strike a chord with one sometime. So be vigilant.
Robert Beckstead is the Information Technology Security Officer at Bank of Utah. He comes to the Bank with experience managing information and IT security programs at various federal agencies. In addition to multiple professional certifications, he has an MBA with an emphasis in Information Assurance from Idaho State University.