Do not click on links in email messages unless you are 100% certain they lead somewhere you want to go.
We are being assaulted by a torrent of phony email messages from criminals. The messages look legitimate. The links lead to fake websites that will try to steal your password or credit card number.
Always hover over a link in an email message before you click on it. Do not click unless it is obviously a legitimate link.
When you hover over a link, a popup will show you where it leads. Don’t click if the link doesn’t match the company that is supposed to have sent the message.
If you get a malware message and you don’t click on a link, it hasn’t hurt your computer. Delete it.
Today – just today! – I got a dozen messages that appeared to be from Netflix, Docusign, FedEx, Microsoft, Office 365, and more. All of them were designed to look like real messages from those companies. All of them were from criminals.
We’re under attack. I have been contacted by more clients about fake messages in the last three weeks than in the rest of 2017. This is apparently the latest game for the bad guys. Maybe some new email servers went online for bad guys and they’re celebrating.
The latest malware messages are all subtle and understated. The bad guys know that we are in a hurry when we read our mail. We’re more likely to click on links that don’t call attention to themselves and look like routine tech maintenance.
There are two giveaways.
The sender of the messages is almost always a random name that has nothing to do with the company supposedly sending the message. In the above message supposedly from “Docusign,” the bad guys at least made an effort to fool you – it looks like it’s from @docusign.com but the name is spelled with alternate characters and umlauts, which a computer reads as something different than the real thing. But the next identification of the sender, in brackets, obviously has nothing to do with Docusign. (Nobody’s mail was hacked and the email address shown as the sender has nothing to do with the scam. The bad guys are picking random names as the “senders.”)
Hovering over the link shows that it does not lead to anything like Docusign. That’s the real giveaway. Always hover over a link before you click!
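The two giveaways can also be checked automatically. The following Python sketch is an added example, not part of the original article: it compares the sender's display name with the address in brackets and lists every link whose real destination is outside the company's domain. The function names, the sample header and the sample HTML are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

def fold(text):
    # Strip accents and umlauts (Latin letters only; Cyrillic or Greek lookalikes are not handled).
    nfkd = unicodedata.normalize("NFKD", text)
    return "".join(c for c in nfkd if not unicodedata.combining(c)).lower()

def in_domain(host, brand):
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def check_sender(from_header, brand):
    """Giveaway 1: compare the display name with the address in brackets."""
    name, addr = parseaddr(from_header)
    findings = []
    if brand in fold(name) and brand not in name.lower():
        findings.append("display name imitates brand with accented characters")
    if not in_domain(addr.rpartition("@")[2], brand):
        findings.append("bracketed address is not at " + brand)
    return findings

class LinkCollector(HTMLParser):
    """Records (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html, brand):
    """Giveaway 2: what hovering shows, i.e. the host each link really opens."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, urlparse(href).hostname) for text, href in parser.links
            if not in_domain(urlparse(href).hostname, brand)]

# Constructed sample values, not taken from a real message.
SAMPLE_FROM = '"d\u00f6cus\u00efgn.com" <pat@unrelated-sender.example>'
SAMPLE_HTML = '<a href="http://login.badhost.example/s">Review Document</a> <a href="https://www.docusign.com/help">Help</a>'
```

Calling `check_sender(SAMPLE_FROM, "docusign.com")` reports both sender problems, and `check_links(SAMPLE_HTML, "docusign.com")` returns only the "Review Document" link. Links with no host at all (for example `mailto:` links) are reported with a host of `None`.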
Here’s an example of a message that appears to be from Netflix.
If you got this message and clicked on the link, you would be taken to a website that looks like the real Netflix site with a real-looking login window.
If you sign in, the bad guys have your Netflix password. They’ll test it with banks and other online services to see if you used the same password. Then they’ll take you to a page to “update your payment information.” If you’re not paying attention, you will voluntarily give your credit card information to criminals.
Here are more examples from today’s mail. In each case, there is a link that leads to a phony website.
Here’s one about “cluster email,” a meaningless phrase that sounds vaguely computerey. The message has a PDF attached. The PDF is harmless by itself, but it has links in it to “manually clear your cluster levels.” You guessed it – all the links lead to poisoned websites.
It doesn’t matter what a message says. Don’t click on links unless you are 100% certain they lead somewhere you want to go.
Read the Rules for Computer and Online Safety. Be careful out there!
Well, I wouldn’t say that it’s necessary to be paranoid just to doubt that you won a car or anything haha. Still, I know what you mean.
I really hate to be a late-to-the-party pooper, but this “security warning” advice is roughly 15, if not 20 years, too late.
I gave out lectures about this in the late 90s and early 2000s. Fast forward to around 2015 and 2016 and my best friend’s wife and my mom have both been victims… fake browser popups for the former and fake award phone texts/calls from Bermuda for the latter. I still get a few “hey is this legit?” questions from friends, but a lot of the older generation is pretty skeptical now. I wish the two people I know had called me about their problems before it was too late.
My favorite scam of all time was when my Dad happened to be visiting me and we were having lunch. A Bermuda-accented man called and told me that I won a car. I was in a really playful mood, so I played super dumb for quite some time. I asked the type of car, and … I kid you not… it was going to be a GMC Tahoe. I just muted the phone and literally laughed out loud. I wasn’t laughing quite as much when I found out a few years later that my mom fell for practically the same repackaged scam.
Paranoia is literally the only way people can be safe online today. And that’s why warnings like this are necessary – people need to get the message over and over. I’ve been writing articles like this for a long time, along with advice about not calling the 800 number on fake security popups and all the rest. Print out copies of the Rules for Computer and Online Safety and pass them out at coffee houses. Or wherever people gather these days. I don’t get out much. Keep teaching people to be skeptical!
Do also try to avoid suspicious-looking links, ads, and freeware programs, unless you’re sure that the freeware program is legitimate from its legitimate website.