Recently a client arrived at my office to pick up a fixed computer, telling me that on her way in she got a call from “Apple” telling her she needed to verify her Apple account ID. She was asked if she was near a computer. She said no, “I’m on the road,” and the caller hung up. When she got here, however, there were two text messages threatening that her account would be frozen if she didn’t react. She didn’t. Good.
If you get an email purporting to be from, for instance, “Facebook” saying, “Your account password has been hacked. Click here to change your password, now,” or from “Amazon” telling you that, “Your package couldn’t be delivered. Please verify your information,” in 99.99% of these emails, it is a faker phishing for your login or account information and hoping to infect your system with nasty malware, spyware, or adware if you click on the provided links.
Then there are the tantalizing subject lines, such as, “You won in the lottery!” or “A distant relative left you money!” If it’s too good to be true, you better believe there’s a hook. These phishers probably got some valid information on you (at least your email address). They might send fake emails like the one about an undeliverable Amazon package to a million email addresses, but even if only 1 percent of those email receivers were really waiting for a package and follow through, that still could compromise 10,000 people/identities. What the phisher is fishing for is any information they could use to exploit you.
Tip: If there really is something wrong with one of your accounts, you should never click on any of the provided links, but go directly to the company’s website (such as www.amazon.com), log in there, and check things out. A phisher’s schtick is to make the matter urgent and build enough trust to get you to act now, not later when you have time to think things through or verify information.
How to recognize phishers
Sometimes it is obvious, if the email is full of typos. Other times, the email looks legit, even with the original logos of the companies. It’s easy to cut and paste convincing images and logos!
Be more careful if the email comes from a Gmail account or some other free email account address instead of a corporate email address. Sadly, the names you see displayed in the email are often totally different from the real email address. For instance, a letter that you receive might say “XYZ” written on it as the sender, but it was really sent from “WXY.” Sometimes a person’s account has been hacked, and this email is really coming from a legit email address from someone you know. But when you read it, it’s really weird. The sender usually doesn’t even know his account was hacked. This happened a while back to my wife with an old school Gmail account; once she found out it had been hacked and was sending viral spam, she warned her friends via her new account and deleted the old one.
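For readers who want to see the displayed-name check done mechanically, here is an added example (not part of the original column) that reads an email's From and Subject lines and reports the warning signs described above. The brand, free-mail, and urgent-word lists and both sample messages are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration only; extend them for the mail you actually get.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
BRANDS = {"amazon": "amazon.com", "facebook": "facebook.com", "apple": "apple.com"}
URGENT = {"verify", "frozen", "hacked", "now", "asap"}

def sender_warnings(raw_message):
    """Return a list of warnings for one raw email (headers plus body)."""
    msg = message_from_string(raw_message)
    # Split the From line into the name that is displayed and the real address.
    display, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return ["no usable sender address"]
    domain = address.rpartition("@")[2].lower()
    warnings = []
    for brand, real in BRANDS.items():
        at_brand = domain == real or domain.endswith("." + real)
        # The displayed name claims a company, but the address is somewhere else.
        if brand in display.lower() and not at_brand:
            warnings.append(f"name says {brand} but address is at {domain}")
    if domain in FREE_MAIL:
        warnings.append(f"sent from free mail provider {domain}")
    # Pressure to act immediately is a warning sign in itself.
    words = set(re.findall(r"[a-z]+", msg.get("Subject", "").lower()))
    if words & URGENT:
        warnings.append("urgent wording: " + ", ".join(sorted(words & URGENT)))
    return warnings

# Constructed sample messages, not real mail.
PHISH = (
    "From: Amazon Support <amazon.delivery.team@gmail.com>\n"
    "Subject: Please verify your information now\n"
    "\n"
    "Your package couldn't be delivered.\n"
)
LEGIT = (
    "From: Amazon Orders <shipment-tracking@amazon.com>\n"
    "Subject: Your order has shipped\n"
    "\n"
    "Thanks for your order.\n"
)

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, sender_warnings(raw))
```

An empty result does not prove a message is safe: mail sent from a hacked but genuine account, like the case described above, passes all three checks.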
A more recent nasty phishing scam consisted of an email from the boss of a company to its employees to provide a couple of gift cards for a special occasion/event. And since these were needed right now (it was on a Sunday), the “boss” was asking them to email their validation codes ASAP.
So, what to do when you get suspicious about an email?
Do not open it. Do not click on any of the links or attachments, and do not reply to it.
It’s OK to delete it. Sometimes, I contact the person from whom this suspicious email seems to come to make them aware of a possible problem. Sometimes I think the shown names and email addresses might even come from your own address book on your computer. If your system is infected, it will create its own infected fake phishing emails and send them to the people in your address book. One way you might notice that something is wrong is if you get a lot of emails saying “could not be delivered” which happens for all the email addresses in your address book that are not current anymore.
So, be vigilant, skeptical, and smarter than the phisher!
Klaus Fuechsel founded Warrenton’s Dok Klaus Computer Care in 2002 and is known for his German-American humor and computer house calls. He and his award-winning tech team work hard to save data and solve their clients’ computer cases. Any questions? Ask the Dok at 540-428-2376 or Klaus@DokKlaus.com or go to www.dokklaus.com