“Is this email legit?” I get this question a lot and most of the time the answer is no. Many of them are simply scams, companies trying to sell sketchy SEO programs or miracle medical devices. Others are more actively criminal, hoping to trick you into providing personal information, such as the login credentials to one of your online accounts. These techniques, known as phishing, are becoming more sophisticated every day.
Phishing attack emails often mimic the look and feel of companies whose services you already use, to fool you into responding. These messages frequently claim that there is an urgent issue requiring immediate action. Clicking a link or downloading a file is almost always the next step. At this point, stop!
Apply a “smell test” to the entire message, especially to the link you’re being asked to click. In a web browser, hovering over the link with your mouse will display the link at the bottom of the window (you can try it out on the links in this email). The key to deciphering links is this: The true domain that the link points to comes last. For example:
https://docs.google.com = good
https://docs.google.criminals.com = bad
If the last domain is followed by a slash and more stuff, just ignore everything to the right of the slash. The last domain is the important part.
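The same rule can be applied mechanically. The sketch below is an added example, not part of the original article: it pulls the host name out of a link the way a browser would and checks whether it ends in a domain you trust. The names `TRUSTED_DOMAINS`, `linkHost`, `endsWithDomain` and `checkLink` are assumptions made for this illustration.

```javascript
// Added example. TRUSTED_DOMAINS is an assumption: list the domains you really use.
const TRUSTED_DOMAINS = ["google.com"];

// Host name a link really points to, or null if it is not a web link.
// new URL() applies the same parsing rules a browser uses, so everything
// after the first slash (path, query, fragment) is excluded.
function linkHost(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.hostname.replace(/\.$/, ""); // drop a trailing dot, if any
}

// True only when the host IS the trusted domain or ends with ".<trusted>".
// Matching on the dot keeps "notgoogle.com" from passing as "google.com".
function endsWithDomain(host, trusted) {
  return host === trusted || host.endsWith("." + trusted);
}

function checkLink(link, trusted = TRUSTED_DOMAINS) {
  const host = linkHost(link);
  if (host === null) return { host: null, verdict: "unreadable" };
  const good = trusted.some((d) => endsWithDomain(host, d));
  return { host, verdict: good ? "good" : "bad" };
}

// Constructed sample links: the first two are the article's own examples.
const SAMPLES = [
  "https://docs.google.com",
  "https://docs.google.criminals.com",
  "https://criminals.com/docs.google.com/login",
  "https://notgoogle.com/",
];
for (const link of SAMPLES) {
  const { host, verdict } = checkLink(link);
  console.log(`${verdict.padEnd(4)} ${host}  <-  ${link}`);
}
```

Only the first sample is reported as good; in the third, the familiar name appears to the right of the slash, so it plays no part in where the link goes.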
Test your skills
There’s more to know than just learning to read a link. The folks at Jigsaw, a division of Alphabet, the parent company of Google, have created a Phishing Quiz that walks you through a number of scenarios, showing how to recognize and avoid phishing attacks. I highly recommend that you give it a try.