Email, electronic mail, is the core communication method across the Internet. It is through email that our messages to our friends and family get to one another; it is also how a majority of us conduct business with our banks, retail stores, and other businesses. Because of that, email is the main channel for hackers, scammers, and deviants to use in an attempt to social engineer information away from you. This method is called phishing. Derived from fishing, phishing is a similar concept: attempting to get you to bite on a hook in order to fish out your information, usually usernames and passwords. For a little geek history, it’s called phishing with a ph to be aligned with the first realm of hacking, called phreaking. History lesson over.
These emails are very, very tricky for the untrained eye to spot, and that’s why phishing is so successful. Like a webpage, an email can be written to look like anything, such as an email from your bank using the same logos and all. The difference is that the links within the email that tell you to go log in actually lead to a hacked webserver somewhere that hosts a page that looks like your bank (or whatever). You don’t review the address bar information to verify the page, a concept I wrote about earlier, and enter your username and password thinking it’s the real site. Instead the site captures what you typed and throws you an error page, a message, anything but actually logging you into your bank. Now the hacked site has your username and password, which the hacker can take to the real bank site and log in with your credentials. The hacker phished out your information and you didn’t even know it.
If you use the Internet and use an email address on any website, chances are that your email will not stay private for long. There are bots that guess email addresses, websites sell the email addresses to marketers and spammers, and you give your email away freely. But that shouldn’t be a big deal as long as you know how to use email. Follow my simple steps and rules and you won’t get yourself in trouble.
Cut and paste this and send to everyone you know that you think needs a reminder.
Binaryblogger.com Email Use Safety Tips
- NO BANK, RETAILER, or BUSINESS will EVER ask you to confirm your account and ask you to log in or your account will be suspended. NEVER! If you get one of these, delete the email immediately.
- Legitimate email or not, get into the habit of never using email links to get to a login page. Open a browser yourself and navigate to the webpage with your bookmark. (Always review the address)
- Any email that says that you need to send money to get more money, delete it. Not real.
- Any email that talks about a tracking number for FedEx or UPS and says you need to click on a link to check it: STOP. If you are not aware of any shipments, it’s fake. If you are, close the email and open the browser yourself.
- Unless you are 100% sure, best practice is never to click on links in emails. Phishing attempts are so good now it’s safer to take a few extra steps yourself.
- If you receive an attachment in an email, download it first before opening it. Look at the extension. Virus and malware attacks use disguised files to launch bad, bad things. If you aren’t sure, delete the email and contact the sender to confirm.
- Banks will call you if there are problems with your accounts; rarely do they communicate through email because the bank can’t verify the receiver of the email. On the phone they can verify you.
- Never, ever send your social security number, credit card, or other critical information via email. Email is unsecured and wide open, and it can be intercepted. Use the business website or call them.
- Create a second email account for message boards, websites, etc… If you use social networking create an email account that’s different from your personal email that you use for family and friends. It’s OK to have many email addresses. BinaryBlogger has close to a dozen, all for specific purposes.
Do you see a pattern in the list? Email phishing is 99.9% preventable and it’s all on you. All that needs to be done is a little awareness, a few extra seconds to think twice and know what to look for.
End of Line.
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming, system administration, and senior management to enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.