Email phishing scams are often the biggest threats to our personal online security. And yet most of the time we ignore them because we think we’re too smart to fall for them. Watch out!
The best way to defeat email phishing scams is to be alert and prepared…but how do you do that? Using the STOP method, you’ll be better prepared and less likely to fall for these common email scams.
Be sure to subscribe to the All Things Secured YouTube channel!
Earlier this year, my friend received an email from Netflix saying that his billing information was incomplete and his account would be closed down if he didn’t resolve the problem soon.
Lose access to all those movies and TV shows? That’s just unacceptable!
So he clicked the link which brought him to the Netflix homepage and he logged in. He then proceeded to the billing page where he re-entered his information.
Problem solved, right?
The unfortunate reality is that when he clicked the link in his email, he was unknowingly brought to an exact copy of the Netflix homepage. He gave the scammers his Netflix login, then he went to the fake billing page and gave them his credit card information.
He had been duped by a classic email phishing scam.
If he had followed the STOP Method, this could have been easily avoided. Unfortunately, he’s part of the majority of internet users who think they aren’t dumb enough to fall for email phishing scams.
Email Phishing Scams Expose Your Vulnerabilities
Although it may not seem like it at first, email is often where our personal online security is shown to be most vulnerable. We think we’re too smart to be scammed by the “Nigerian prince” story.
But email phishing scams have evolved to be much more clever, and even the smartest people have been hoodwinked.
The majority of attacks on our privacy begin in our inbox, which is a big problem because our email is a gateway to…
…our social media accounts;
…and even our identity.
There is no software that can beat email phishing completely.
More often than not, the vulnerability isn’t in the email software you use (Gmail, Hotmail, Yahoo, etc.).
The problem is you.
We, as humans, are easily manipulated by emotions such as sympathy, urgency and the desire to help.
These types of scams are known in the security world as “phishing”, which is similar to the sport of fishing both in its pronunciation as well as its objective. Hackers are phishing to see who they can hook into giving them sensitive information about themselves.
So what can you do to make sure that you don’t get hooked by the email phishing scams bait?
Remember to STOP (Personal Security Method)
You need to train yourself to STOP as you open your email.
It doesn’t matter if you know the person who sent you the email or not, you should ask yourself four simple questions.
Is this email…
- Suspicious in any way?
- Telling you to click a link, button or attachment?
- Offering something that’s too good to be true?
- Pushing you to do something quickly?
Before we move into what you should do if you suspect that what you’re looking at is one of those email phishing scams, let’s dive into more detail on each of these points.
S – Suspicious in any Way?
Sometimes it’s a misspelled word or poor grammar. It could be the fact that the email feels “out of the blue” or contrary to what you expected.
And sometimes it’s just a gut feeling.
I remember when we used to tell kids not to take candy from strangers. As odd as it sounds, those were the good old days when the “bad guy” always drove a windowless van and safety was as simple as avoiding strangers.
Somewhere along the way, we realized that in most cases, the greatest threat to a kid is usually from people they know and trust.
The same goes for email.
It may seem obvious to you that there is no Nigerian prince that wants to wire you $1 million, but what about that email from your uncle telling you that he has a medical emergency and needs $1,000 to pay the bills or else he’s won’t receive the necessary treatment?
Or perhaps it’s that email from Netflix telling you that your credit card was declined and you need to log in to verify your billing details.
These are just two of numerous email phishing scams I’ve personally seen.
The point here is that your suspicion of an email should not be based on who it appears to come from. A healthy dose of caution is necessary every single time you open an email, especially if it includes a link, button or attachment.
T – Telling You to Click a Button or Link?
Links and buttons in emails are hard to judge. On the one hand, if you talked with a friend about that video they watched and then you receive an email from them with a link to YouTube, there’s a high probability that this link is good.
However, the tricky thing about links in emails is that they don’t always go where they say they go. For example:
- A “bit.ly” link: There are services known as “link shorteners” like Bit.ly that transform any link into a shorter link. I can’t think of any reason that somebody should be sending you a shortened link in an email, so I recommend never clicking these links.
- Bait-and-switch Links: The problem with email is that you don’t always know where the linked text leads. Just because you see the words “www.yourbank.com” underlined in blue doesn’t mean that’s where the URL actual goes. It could be a link to a fake login page where you hand over your login details.
The general rule is this:
Unless you are 100% sure, avoid clicking links or buttons in an email.
Attachments are slightly different. Many email clients such as Gmail and Hotmail now scan your attachments and allow you to preview the file online before you download it.
These kinds of services take a lot of the risk and guess work out of opening an email attachment. However, there are still times when you might receive a .zip file or a .exe file that you need to be cautious.
If you’re unable to preview the file and you’re not sure why you’re receiving it, you should probably not open it.
O – Offering Something to Good to Be True?
Want to make some extra money? Did you know that those expensive drugs you take can be found for a quarter of the price you pay?
“Congratulations…you won something!“
Email offer spam isn’t as prevalent as it used to be a decade ago, but it still exists. And it still exists for one simple reason: curiosity.
We may know that the offer is too good to be true and we may suspect that we didn’t really win a new car, but all it takes is enough curiosity to make us click.
That’s what they want: the click.
Unless you can verify the offer outside of email (which we’ll discuss in the next section), you should avoid clicking any links in these offer emails.
P – Pushing You to Act Quickly?
Urgency is the enemy of common sense security.
Emails that ask you to do something quickly that would normally be done with caution should immediately send up a red flag. This includes a number of things including:
- An email from a family member or friend requesting emergency funds;
- An email from your boss asking you to pay this invoice immediately;
- An email from your bank telling you to confirm receipt of funds within an hour or risk losing the money;
Anything that must be done now should be suspicious.
Instead of getting flustered, get focused. Focus on verifying whether or not this is a scam and if not, whether it truly is an emergency.
Now What? How to Deal with Suspected Spam
Imagine that you’ve received an email from your boss with an attached invoice that he asks you to pay immediately. As you go through your STOP questions you realize that:
He hasn’t done this before, so it’s a bit suspicious; also, it’s an urgent request asking for immediate action.
What to do you?
The most important thing you can do whenever you suspect that you might be receiving email phishing scams is to verify using an entirely different mode of communication.
It’s quick, it’s easy, and by pausing to give you time to think, it allows you to look more objectively at the situation.
Verify using a different method of communication.
In the case of your boss, you have a couple of different options. You can…
- Walk up to his office, pop your head in and just ask for quick verification that he sent the email;
- Call or text your boss seeking confirmation that he sent you the email;
Notice that the one thing you shouldn’t do is email him back to verify. This goes against the rules here that you use a different method of communication.
Defeat Email Phishing Scams
Everybody is susceptible to email phishing scams…even you.
The “hope and wait” strategy might have worked so far, but eventually you’re going to be one of those people who gets scammed unless you’re proactive.
Train yourself to use the STOP Method which forces you to ask…is this email:
- Telling me to click something?
- Offering me an amazing deal?
- Pushing me to do something NOW?
If so, the best thing you can do is work to confirm details via a different method of communication. This is really a process of trying to verify the email owner.
Call the bank.
Text your boss.
Visit the website in a separate browser window where you type in the address.
While this won’t eliminate 100% of the risks, it’s going to make you that much more secure as you’re dealing with email both in your personal and professional life.