Now that the holiday season is behind us, have you noticed a significant increase in the number of advertising emails you are receiving? If you’re like me and most people I know, you probably made more online purchases than usual during the holidays. Coincidence? I think not.
Online retailers persuade consumers to create an account by offering an additional 20 percent off just for signing up. When we create an account, we provide personal information in the process. The information is used to target us as potential recurring customers.
Many online sellers will give you the option to forgo the new account creation to make a purchase and simply allow you to check out as a guest. Selecting this option will not require you to provide nearly as much information to the seller, but you will miss out on that 20 percent incentive. Unfortunately, this option still requires basic information like your email address, which is the only piece of information a seller needs to send you marketing material.
With a significant uptick in the number of emails sent to consumers, scammers and online attackers use this to their advantage. This is an opportune time to leverage human vulnerability to manipulate us into clicking malicious links.
During this time of year especially, online attackers are sending out billions of phishing emails every day. Phishing emails are among the most successful attacks used to compromise your computer system, steal your login credentials or install ransomware. Here are a few ways you can avoid being a victim of a phishing email.
The first thing to consider is whether you are expecting the email. Unexpected emails should be a red flag when it comes to legitimacy. This doesn’t mean all unexpected emails are scams, but clicking on links inside these emails without first verifying they are real would be a bad idea.
Next, pay close attention to the sender’s email address. No legitimate organization will send an email from a public domain like @gmail.com, not even Google. Legitimate organizations email from their private domain. The domain is what comes after the @ symbol in the email address.
One tactic attackers use is to put the domain name before the @ symbol in the from address to trick you into thinking it is legitimate. For example, an attacker may use BankofAmerica@yahoo.com whereas a legitimate address from Bank of America would have BankofAmerica.com after the @ symbol.
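The sender-address check from the two paragraphs above can be automated, for instance in a mail filter. The following is an added example, not part of the original article; the public-domain list, the brand table and the sample headers are constructed for illustration, and it also looks at the display name that mail clients show in front of the address.

```python
from email.utils import parseaddr

# Assumed, illustrative lists; a real filter would maintain its own.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
BRAND_DOMAINS = {"bankofamerica": "bankofamerica.com"}


def _squash(text):
    """Lower-case and keep only letters/digits so 'Bank of America' matches."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, addr = parseaddr(from_header)
    # The domain is whatever follows the LAST @ in the address.
    local, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not local or not domain:
        return ["no usable sender address"]

    warnings = []
    if domain in PUBLIC_DOMAINS:
        warnings.append(f"sent from public mail domain {domain}")

    for brand, real_domain in BRAND_DOMAINS.items():
        # Accept the organization's own domain and its subdomains only.
        on_brand_domain = domain == real_domain or domain.endswith("." + real_domain)
        named = brand in _squash(local) or brand in _squash(display)
        if named and not on_brand_domain:
            warnings.append(f"names {brand} but domain is {domain}, not {real_domain}")
    return warnings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "BankofAmerica@yahoo.com",
    '"Bank of America" <service@gmail.com>',
    "Bank of America <alerts@BankofAmerica.com>",
    "newsletter@shop.example",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```

A clean result only means the address looks consistent; the other checks in this article still apply.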
Always read the entire email before clicking any links. Paying attention to grammatical errors and proper English will usually tell a lot about the legitimacy of the email; however, phishing emails are becoming harder to spot on this alone.
Most phishing emails try to create a sense of urgency for the recipient. If you receive an email requiring immediate action or else … you should always confirm the email before clicking on anything by calling the company using a phone number acquired outside the suspect email.
Last, if you click a link in an email that takes you to a website requiring you to log in with your username and password, do NOT enter your credentials. This common tactic is used to manipulate you into giving an attacker your login information. Only log in to websites you have intentionally visited of your own accord. Any link sent to you via email that redirects you to a login page is likely malicious.
If you are not 100 percent certain an email is legitimate, err on the side of caution and don’t click the link. If it is that important, they WILL contact you using other means. When in doubt, close out!