Don’t go on that phishing trip!
On a pretty regular basis, I receive emails from Small Web Solutions clients asking me if a particular email is legitimate or not. Who hasn’t paused when an email lands in their inbox warning of impending disaster unless they follow through on the directive made within the email?
Here is an example that showed up in my inbox today.
Now, being the actual smallwebsolutions.com IT Team myself, I know that I did not send this email. But how can you identify if YOU should follow through or not when your domain is involved? Here are two simple tips.
1. Is the sender legitimate? In this case the sender is smallwebsolutions.com IT Team. That all sounds legitimate, but check out that email address.
The Top Level Domain (TLD) at the end of the address looks suspicious. If you look up “.pk” you will find that it is the TLD for Pakistan. This is a HUGE red flag, as Pakistan is well known for cyber crime.
2. Is the call-to-action legitimate? BEFORE you decide to click on any link, hover over the link or button in the email — in this case “KEEP MY PASSWORD” — and you will see the URL where the link takes you.
You can pretty much be assured that the domain “superficial-cool-cardboard.glitch.me” is not a legitimate domain address for updating your password. This is your second HUGE red flag. Clicking that link could lead you to a site where malware is immediately installed on your device, and/or where any inputs you provide, such as your current password, are phished by the hacker and used to access your email account for nefarious purposes.
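The two checks above can also be run over a saved message. This is an added example, not code from the original post: the sender address is a constructed placeholder (the post does not show the real one), and the function names and the "trusted domain" parameter are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample. The sender address is a made-up placeholder; the display
# name, button text and link host are the ones quoted in the post.
SAMPLE = """\
From: "smallwebsolutions.com IT Team" <it-team@constructed-example.pk>
Subject: Password expiry notice
Content-Type: text/html; charset="utf-8"

<a href="https://superficial-cool-cardboard.glitch.me/">KEEP MY PASSWORD</a>
"""
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def same_or_sub(host, domain):
    """True if host is domain itself or a subdomain of it (not a lookalike)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_message(raw, trusted_domain):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    findings = []
    # Tip 1: a domain named in the display name must match the real address.
    for claimed in DOMAIN_RE.findall(name):
        if not same_or_sub(sender_domain, claimed):
            findings.append(f"display name says {claimed}, address is @{sender_domain}")
    # Tip 2: every link must point at the domain the email claims to be from.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlparse(href).hostname or ""
        if not same_or_sub(host, trusted_domain):
            findings.append(f"link goes to {host}, not {trusted_domain}")
    return findings
```

Calling check_message(SAMPLE, "smallwebsolutions.com") returns one finding per tip; a message whose address and links all sit on the trusted domain returns an empty list.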
Much of this is just common sense. Other indicators that might give away the intent of the email are misspelled words, incorrect grammar, or foreign spellings of American words such as programme/program, centre/center, labour/labor, etc.
And if you feel that you need to drop me a note to determine if an email is legitimate or not, 99 percent of the time your intuition is working in your favor.
Be safe out there!