39ºF

Don’t get hooked: How to spot a phishing email

Security experts explain what to keep an eye out for so you don’t become a victim

JACKSONVILLE, Fla. – It’s being called a cyber pandemic. Now more than ever before, cyber criminals are taking advantage of people being home, looking for just one person to slip up.

“It is the world’s largest work from home experiment,” said Chris Freedman, founder of OnDefend, a cyber security services provider.

Freedman is accustomed to working remotely, but for many working from home this is new territory.

“In the business world, you can walk around the corner and say, ‘Joe, did you send me that email?’" he said. “In the personal world, there’s not much reference material right now.”

Unless you have an IT department set up in your extra bedroom, Freedman said, there are a lot of pitfalls to avoid. The primary ways scammers get access to your computer is through websites and emails.

“They’re not necessarily targeting you as an individual, it’s kind of like a shotgun approach to get as many as possible,” Billy Steeghs, a cyber security expert who works with Freedman, said.

Companies hire Steeghs and Freedman to hack into their computer systems and identify potential security weaknesses. And let’s just say these two are good at their jobs.

To show how easy it is for scammers to prey on people, Steeghs created a phishing email, or an email that’s intended to look like it came from someone else in hopes that the recipient will be duped.

For his example, Steeghs made the email look like it came from Amazon, a popular place to shop online.

“So, it’s $10 and it says apply to your Amazon account," he explained. “Who wouldn’t fall for this?”

With emails like this, scammers can get access to your account the moment you input your credentials. Then it’s up to the cyber criminals what they decide to do with your personal information.

So, how do you spot it?

“I’m hovering over this Amazon account, you see I’m hovering over it and this is an action you can do, and you can see to the left it doesn’t actually say Amazon.com,” Steeghs said.

Whenever you receive an email and there’s a link attached, hover over the link but don’t click it. While hovering, look at the bottom left of your screen. The website’s URL will pop up and if it doesn’t say the website it claims to be from, Steeghs said it’s a fake.

“That will always pop up," he said. “You just have to hover over the link but don’t click.”

If you do click on a phishing email’s link, you’ll be taken to a website that looks just like the real one — all the way down to copyright at the bottom.

From there, it will ask you to put in your credentials. Once you click submit, you will be re-routed to the real website and the cyber criminals will have your login information.

“You should be lucky if it’s only taking your credentials," Steeghs said. “It could also have loaded some malware on your computer that now starts spying on you.”

Yes, someone could be spying on your devices or computer.

Steeghs said one way to see if you are a victim of malware and someone has been inside your accounts is checking your browser history often and making sure you recognize all the websites listed there. If you think your device has been compromised, Steeghs recommends clearing your history and checking it again later.

What’s Steeghs' top recommendation for protecting your personal information?

“I would stop storing passwords in your browser,” he said.

So the next time you see a pop-up in your browser asking if you want to remember a password, click never.

Freedman suggests making your passwords more complex. You shouldn’t use the same password for all of your logins. You should also change your passwords frequently. And if possible, use two-factor authentication.

“Let’s turn those passwords them into 12 characters letters, numbers, uppercase, lowercase symbols,” he said.

Since its recommended to have different passwords for everything, it’s easy to keep everything straight. Steeghs and Freedman both recommend using the app Last Pass, which provides a free standard service.

When it comes to public Wi-Fi, Freedman recommends always staying away from it and using a hotspot instead.

If you have to use Wi-Fi, he recommends connecting a secured server and never putting in any personal information.

So best to do the online shopping at home.


About the Author: