One of the unfortunate side-effects of working from home is a tendency to let down your guard, which is only natural even for hardened telecommuters and virtual business operators like yours truly. Heck, some of you aren’t even putting on pants before starting your day, and if you are (relatively) new to working from home, initially there is something deliciously subversive about attending a conference call in sweats and slippers. But as I’m sure all of you have now come to realize, that particular shine wears off real quick, almost to the point where putting on “real clothes” seems like an infringement on your Pandemic-given rights. Being some place other than home – that fabled place called “Work” – lets our brains put on their business suits and gives us an edge in guarding against internet hijacks and hijinks. Now that you are working from home, and hopefully comfortable doing so, your brains are slouching around in pajama bottoms, and the hackers know this.
Don’t drop your guard!
Though it may feel different, the email approaches that hackers are using in an attempt to fool you into giving up your money, passwords or data are the same tried and true methods they’ve been using for years. Some are a little more sophisticated than others, but there are still plenty of ways to spot the fake emails.
- Make use of spam and malware filters. If your email service does not have this built in, you need to move to a new provider. Even the free-mail providers like Yahoo and AOL have basic filtering in place, and some providers, like Google and Microsoft, have excellent filtering even on their free accounts. If email ends up in your “junk” folder, it’s probably there for good reason.
- Roll over (don’t click) links first! Outlook and just about every other email client (application or web-based) can show you where a link is heading without you having to actually click it. Roll your mouse cursor over the link – DON’T CLICK – and a pop-up with the actual hyperlink should appear (if there is one). You may be surprised to see that it isn’t the same as what is actually spelled out in the email. You can preview links on a phone by pressing and holding a link, but if you are fat-fingered like me, this may result in clicking through, so I DO NOT recommend trying to preview links on a phone unless you have no other recourse.
- Pay attention to the sender’s email address. Microsoft, Google or Yahoo is not going to send you an account closure warning from some random domain ending in “.co.uk” nor are you going to get bank account warnings from an address ending in “banksecurity.me”. Don’t let the alarming subject distract you from the glaringly obvious clues. If it looks at all fishy, err on the side of caution and call someone.
- Sometimes the sender’s address is real, but the email is fake. Unfortunately, the emails that seem to trick people the most are the ones sent from compromised email addresses. Hackers get someone’s email password (either via phishing email, dark web or easily guessed combos), and rather than changing it, they covertly take over the account and use it to trick everyone on that person’s contact list. Devious and very effective. If you get an email from someone that immediately leads to a password request, stop and back away from the keyboard. It could be a phishing trap. Pick up the phone and confirm that the email was legitimate.
- The government does not accept bitcoin. If you get an email from a government agency asking you to pay via Bitcoin for a fee, citation, back taxes, etc., it is not a legitimate request. Neither the FBI nor the IRS will contact you via email to ask you for payment via Bitcoin or gift cards or wire transfer.
- Your friends and family aren’t going to ask via email for gift cards to help them financially. This is a commonly used (and relatively successful) tactic by hackers that have compromised an email account. Always call (ignore that the email says to not call or that they lost their phone or any other reason provided) to confirm that they sent the email. Ninety-nine times out of 100 it is not a legitimate request.
- Know your vendors and service providers. If you get an email from Chase Bank warning you that your account is compromised, but you don’t bank with them, that’s a bit obvious. But what if you just received a voicemail? Make sure it’s from YOUR phone provider, and not a fake email. Just got an efax? Do you even subscribe to an efax service? Maybe not legitimate. When in doubt, call if there is a phone number available, and if not, check if you can log into the service by going to it WITHOUT using a link provided in an email. You should have your critical service providers (Internet, Email, Cell Phone, Banks, etc.) memorized, and if your brain is a bit too crowded for that, have them written down with a list of account numbers (partials just to be safe) and contact numbers or website addresses. If you have elderly relatives, make a list for them and have them tape it up somewhere prominent near the computer.
Image by thedarknut from Pixabay