A great reminder from the SANS Institute in their recent OUCH! newsletter. Email phishing attacks continue to plaque all of us. And they just seem to be getting better and better.
Summarized from the newsletter.
These phishing attempts work by:
- Harvesting Information: these are attempts to fool you. They want your bank routing number, you password, anything.
- Malicious Links: these attempts ask you to click on a link to see something. When you do, your computer is infected.
- Attachments: We've seen a number of these recently in the form of "zip" files. Opening these attachments will load malicious software on your computer.
- Scams: most of the time, these are just pleas for help or money made available to you through an inheritance.
Some good advice:
- Use common sense. If it's too good to be true it is.
- If the email has a sense of urgency or invokes a sense of urgency (see one of our previous posts on this), it should trigger a warning.
- Grammar or spelling mistakes are good clues, although, these are going away.
- Do not click on links. We've mentioned this before as well. This is frustrating but if you get a notice from your bank that your statement is ready, don't click on the link. Go to your bank's web site and access it from there.
- Don't open attachments. This one is hard as well. It may take asking the person who sent you the attachment whether they sent it.
- These phishers are getting good at making the email look like it's from one of your friends. We even had one this week that looked like it came from the U.S. Treasury.
To see the full newsletter, click on this link:
(now, this was a trick, should you click on this link?)