Email Scams - Phishing

Email Scams - Phishing

E-mail scams such as "Phishing" (fishing) are used the most to disrupt computers, networks, services, etc. Users need to be aware of what a phishing email is and what they should do when they receive them.

10 ways to recognize phisher (spoof) emails

Lately, the most common question has been about whether or not an e-mail someone has received is a phisher email.

The 10 tips below should help you recognize a phisher email.

1. Generic greetings. Many phisher emails begin with a general greeting, such as: "Dear member." If you do not see your first and last name, be suspicious.

2. A fake sender's address. A phisher email may include a forged email address in the "From" field. This field is easily altered.

3. A false sense of urgency. Many phisher emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim they're updating their accounts and need your information fast.

4. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
- Direct you to a phisher website that tries to collect your personal data.
- Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
- Cause you to download a virus that could disable your computer.

5. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information.

6. Deceptive URLs. Only enter your EarthLink password on EarthLink pages. These begin with https://www.earthlink.net/, ...my.earthlink.net, ...webmail.earthlink.net, etc.
- Even if a URL contains the word "EarthLink," it may not be an EarthLink site. Examples of deceptive URLs include: www.earthlinksupport.com, www.earth1ink.com, www.accounts-earthlink.com, and www.earthlinkcom.net.

7. Misspellings and bad grammar. phisher emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.

8. Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.

9. Pop-up boxes in an email are not secure. Don't enter personal information into them.

10. Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment unless you know the person that sent it to you. Most people become infected by clicking on some sort of attachment that causes them to download spyware or a virus.

When your receive an email that matches any of the above items you should immediately contact your system/security support person. If your receive one of these at home delete it. If you know the company or web site referenced in the suspect email then open your browser and navigate to that web site (do not click on any links, etc in the email), select "Contact Us" link, and then send them an email describing the email.

A lot of the companies will respond asking you to forward the suspect email to their fraud/security department so they can investigate. Remember, do not click on any links or respond to the phishing email. If you have HTML on in your email browser you should have it turned off (see email client section for your email program).

If you have any questions just let me know.