Last week, the internet was set on fire by the Google Docs phishing attack. This attack was highly sophisticated in that it worked inside the Google Docs system. Many people clicked on this legitimate email, only to get their Google accounts hacked. The scam was then sent to everyone in their contacts. It gave the attacker full access to a person’s Google Account. Some even reported that pictures, documents and the like were deleted. In short, it was horrendous.
This type of attack did have warning signs that should have tipped off users. The “To” field showed an obviously nonsensical address, like “hhhhhhhhhh” for the name. What helped this attack proliferate is that many of us do not take the time to read email address lines anymore. We look at the sender’s name, and if we recognize the name, we click away. This is not a rebuke to you, the user, but a simple fact of life on the internet. Everyone has done this at some point.
Now some may be thinking, “Hey! Email security, that’s IT’s job!”, and they are right. IT Departments have a responsibility to maintain security across the network. However, System Administrators do not sit in high towers, monitoring every single piece of email. Therefore, all computer users need to be alert to scams like those mentioned above.
Is It Real, Or Fake?
So how can you discern whether an email is legitimate or a scam? First, look at the “From” field of the email. Does the name match the actual email address? For example, if you get an email from your friend “John Doe” and you know their email address is johndoe[@]outlook.com, then that is what should be in the “From” field. You can check this by hovering your mouse over the displayed name, which should show the email address. But if you see “John Doe” and the email address is pavlov[@]underground.ru, guess what? That’s a scammer you are looking at. Do not open any attachment on that email or click any links.
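The same check can be automated for a mailbox. The sketch below is an added example, not part of the original article: it compares the “From” display name against a known-contacts list and also flags the nonsensical “To” recipient described earlier. The contact list, the sample messages, the function name `check_headers` and the repeated-character threshold are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: the address you already know for each contact.
KNOWN_CONTACTS = {"john doe": "johndoe@outlook.com"}


def check_headers(raw_message, contacts=KNOWN_CONTACTS):
    """Return warnings for the From/To warning signs the article describes."""
    msg = message_from_string(raw_message)
    warnings = []

    # What hovering reveals: the real address behind the displayed name.
    name, addr = parseaddr(msg.get("From", ""))
    expected = contacts.get(" ".join(name.lower().split()))
    if expected and addr.lower() != expected:
        warnings.append(f"From: name {name!r} is a known contact, but the "
                        f"address is {addr}, not {expected}")

    # Nonsensical recipient such as "hhhhhhhhhh": one character repeated.
    # The minimum length of 6 is an assumption chosen for this example.
    to_name, to_addr = parseaddr(msg.get("To", ""))
    for label in (to_name, to_addr.split("@")[0]):
        text = label.lower()
        if len(text) >= 6 and len(set(text)) == 1:
            warnings.append(f"To: nonsensical recipient {label!r}")
            break
    return warnings


# Constructed sample messages (not real mail).
SPOOFED = ("From: John Doe <pavlov@underground.ru>\n"
           "To: hhhhhhhhhh <hhhhhhhhhh@example.com>\n"
           "Subject: John Doe has shared a document with you\n\nOpen in Docs\n")
GENUINE = ("From: John Doe <johndoe@outlook.com>\n"
           "To: Jane Roe <jane@example.com>\n"
           "Subject: Lunch on Friday?\n\nSee you at noon.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_headers(raw))
```

A clean result only rules out a mismatched display name; a message sent from a contact's real but compromised account passes this check.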
Another sign that you are looking at a phishing or virus email is when the email arrives out of the clear blue. For example, you might receive an email from PayPal or Microsoft with a link asking you to verify information. Virtually 100% of the time, this is a phishing scam, so please do not click it! The email address may even look legitimate, like service[@]paypal.com. No legitimate business is going to contact you out of the clear blue asking you to verify information that it already has. Sometimes these come under the guise of “We have detected your computer is infected!” type emails, to scare you into clicking the scam link in the email. Rest assured, neither Microsoft nor any other company, for that matter, watches individual computers for viruses. Have I already mentioned not to click on any links or attachments?
Close To Home
Finally, among the more difficult ones for some people to detect are emails that come from people we know. These emails are legitimate and not spoofed. They may say something like, “Check out this crazy video!” or “Some cool pics”.
In situations like these, the sender’s computer is infected with a virus. If you open any links or attachments, your computer will become infected. It will email itself to all your contacts, and the cycle continues. If an email appears suspicious, call your friend or coworker. Before opening anything in these types of emails, ask them if they sent it. If you cannot reach them, contact your IT Department, which can usually determine whether something is legitimate or a scam.
The attack on Google last week is another one of those sobering events that bring us back to reality. There are unscrupulous people on the internet with nothing better to do than ruin people’s lives. Email security is everyone’s responsibility, and we must remain vigilant. With the information in this article, you are now more aware of what some of these scams look like and how to avoid them.