These are truly unprecedented times. With the coronavirus outbreak, most of the nation is sheltering in place, and only essential businesses remain open. Even just a few months ago, if you had mentioned “global pandemic,” “nationwide shelter-in-place,” and “social distancing” in the same sentence, you would likely have been met with skepticism and told to see your family physician.
Alas, here we are…
Given the national “stay-at-home” orders, most employees (of essential businesses, that is) are now working from home, a routine completely foreign to many. As such, they rely on email to keep up with their daily work tasks. Although there are collaboration and instant messaging platforms, email is still the driving force of communication for telecommuters, and it may be easy to overlook potential scams hidden in your inbox. Even though you are at home, you still need to maintain proper email security to ensure your computer remains uninfected.
Hackers are crafty nowadays with their phishing schemes, capitalizing on fear to get you to open that link or the “document” which then infects the computer with malicious software. And during this pandemic, fear is rampant.
But fear not! We are here to help alleviate your tech safety concerns. Below, you will find some key tips and advice to ensure these phishing schemes remain dead in the water.
Watch Your Ps and Qs!
While hackers possess strong phishing techniques, they are not well known for their grammatical proficiency. Grammar and spelling errors are the number one telltale sign of a fraudulent email. Look for things that are clearly misspelled or wrongly capitalized, or punctuation marks (like semicolons) used incorrectly.
However, grammatical issues do not necessarily mean the email is a phishing scam. And the opposite may be true – a phishing scam may be free from grammatical mistakes. Regardless, use your discretion.
Return to Sender: Who is sending the email?
Say you got an email from John in accounting. But you notice there is something odd, whether a typo or weird spacing. Before you click on anything, think to yourself: is this email legitimate?
Take a look at the sender and the sender’s email address. If it says John is the “sender” but the email address is from an unfamiliar domain (a different word, a seemingly “personal” account, or a collection of letters and numbers), you have most likely identified a phishing attempt.
It is possible, however, for the sender to “spoof” the email address, meaning it may actually look as if it is coming from John Smith’s email. If the sender displays an employee’s name and email address, take a second to look at the subject line and body and see what the sender is asking you to do. If the person is requesting that $500 in cash be sent immediately, ask yourself whether that person would really do that. If the sender wants you to open a link or attachment, ask yourself why.
During the COVID-19 pandemic, you may have subscribed to receive email updates from the CDC or the WHO for the latest news on the virus. Be warned, hackers can spoof those too. But luckily for you, the aforementioned advice still applies. Check the sender, the email address, and the body of the message. Does the email look like it is from a government organization or as if it has been hastily thrown together?
Beware of any “government” emails that ask you to click on links or open attachments. Those agencies tend to explain in the body of the email the news they wish to convey; it is unlikely they would try to funnel your attention to a website with a clickbait title or get you to open an attachment.
In sum, the person sending you that email may not actually be John from accounting or someone with the CDC, but really someone with “other” plans.
Attachments and Links Are Virtual Fishing Poles
Phishing emails may often contain web links or attachments. Be wary. Hackers use these tools as bait to lure unsuspecting targets.
If an email contains a link, think twice before you click. Without clicking on the link, hover over it with your cursor to see the actual address to which this link will take you if you click on it. That link could lead you to a site where you could download dangerous software.
A good rule of thumb is, when you receive a “suspicious” email with attachments, one that does not look or feel right, it probably is not right. If you receive an email with an attachment, ask yourself if you are expecting an attachment from that person. If not, it is probably a scam.
If there is a zip file attached to the email, be extra careful. Zip files are a convenient way to package together numerous files, but they may be very dangerous. Zip files for the most part cannot be scanned through anti-virus programs, so if you “unzip” the attachment, the intruder could get into your computer.
Ultimately, you are the fish for the phishing hacker. Don’t take the bait!
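The three manual checks described above (who really sent the message, where a link really goes, and whether a zip file is attached) can also be run automatically over a raw message. The following is an added example, not part of the original article; the function names, the organisation domain `example.com` and every address and hostname in the sample message are constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(text):  # hostname of a URL or of a bare address like www.site.example
    return (urlparse(text if "://" in text else "//" + text).hostname or "").lower()

def review(raw, org_domains):
    """Return the warning signs found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg["From"])
    findings = []
    if addr.rpartition("@")[2].lower() not in org_domains:
        findings.append(f"sender {name!r} writes from unfamiliar address {addr}")
    html = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(html.get_content() if html is not None else "")
    for href, text in parser.links:
        # Compare only when the visible text itself looks like an address.
        if "." in text and " " not in text and host(text) != host(href):
            findings.append(f"link shows {host(text)} but opens {host(href)}")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            findings.append(f"zip attachment {part.get_filename()}")
    return findings

def sample():
    """Constructed message: odd sender domain, mismatched link, zip file."""
    m = EmailMessage()
    m["From"] = "John Smith <john.smith@mail-example.test>"
    m.set_content('<a href="http://agency.example.login.test/">www.agency.example</a>', subtype="html")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="update.zip")
    return m.as_string()
```

Calling `review(sample(), {"example.com"})` returns one finding per check; a message from a known domain whose link text is ordinary words and which carries no zip file returns an empty list.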
While you are working from home, it is imperative you maintain proper email security practices just as if you were in the office. Take extra precautions when you see a suspicious email, and make sure your security measures (firewalls, email security hardware and software, and antivirus and malware software) are up to date and active. Those measures should be your last resort in the defense against phishing schemes, but if you take precautions and think twice, you may catch these schemes before they can get a foothold on your computer.
Remember, if it looks phishy, it probably is.