Everyone knows how to spot obvious phishing emails, or do they? There are many phishing techniques that are not so obvious. Some phishing attacks are trying to elicit an emotional response and scare you into a reactive impulse to click on a link. They may be from trusted sites such as Amazon or PayPal, typically confirming a transaction, such as a big screen TV purchase or an online payment being processed. The bad guys are hoping that when you see the confirmation on the purchase of your new 72” TV, you will immediately log into your account to see how this happened and how to cancel the order.
As mentioned in previous newsletters, the link contained in the email will take to you to a site that actually looks and feels like an actual vendor website. You will enter your credentials, and typically fail to log in. At that point, the bogus site transfers you to the real site where you would log in and find out that everything is ok, but you just made things worse when you unknowingly entered your credentials into the bogus site. If this happens to you, you need to immediately change your password on this site, and any other site that you use that password on.
If you receive an email like this, you must resist the temptation to click on the link in the email. Instead, you should go directly to the real site and verify if there is an issue with your account or if someone was actually trying to steal your credentials.
Other types of phishing emails may be from addresses such as the IRS, or a message from a friend containing information about the health of a friend. Beware of attachments and links in these types of emails.
