How to recognize phishing email messages, links, or phone calls

In light of the recent onslaught of phishing emails that most people aren’t savvy enough to recognize, I thought I would help you to be able to more easily identify these.

Many of these emails are coming from what appear to be VERY trustworthy sources, but in fact they are not.

These will include emails from, but not limited to:

·         Facebook ·         LinkedIn ·         Reuters ·         MySpace ·         YouTube

·         Twitter ·         Microsoft ·         UPS ·         Banks (too many to list) ·         FedEx

So I thought it prudent to reprint this article from Microsoft’s knowledgebase to further educate you on this exponentially growing dilemma.

The original article can be found HERE

Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.

Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

What does a phishing email message look like?

Here is an example of what a phishing scam in an email message might look like.

• Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself.
• Beware of links in email. If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address.
  

Links might also lead you to .exe files. These kinds of file are known to spread malicious software.

• Threats. Have you ever received a threat that your Hotmail account would be closed if you didn’t respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts.
• Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. For more information, see Avoid scams that use the Microsoft name fraudulently.

Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered. For more information, see Protect yourself from cybersquatting and fake web addresses.

Beware of phishing phone calls

Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Once they’ve gained your trust, cybercriminals might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable.

Treat all unsolicited phone calls with skepticism. Do not provide any personal information.

For more information, see Avoid tech support phone scams.

Report phishing scams

If you receive a fake phone call, take down the caller’s information and report it to your local authorities.

You can use Microsoft tools to report a suspected scam on the web or in email.

• Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
• Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
• Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it to reportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.

With the amount of infections manifesting on everyone’s computers, tablets and phones these days, more and more we MUST take it upon ourselves to use caution when opening emails and especially links within those emails.

If you follow the guide above, ESPECIALLY about hovering your mouse cursor over any links within an email BEFORE clicking on them, you will be able to better tell if that link is bogus or not.

The most important thing about this though is that do not necessarily pay attention to the “balloon comment” that pops up when hovering over some links, but be mindful to look at what your browser says the link is at the bottom of your screen.  Of course that is if you’re using a browser to check your emails and have the information bar enabled so that you can see this (which can be enabled easily from within the browsers “view” settings).  If you are using a mail program, you may have to right click it to inspect it by possible copying it and pasting it into a plain text editor such as notepad.  Any text editor that is capable of showing rich text or html could be dangerous, such as wordpad or Microsoft Word etc.

Or just try to use some good judgement and think, “was I, or should I be getting this email?”

The only time this could be more difficult is when you receive the “official” looking ones regarding friend updates on Facebook or the like.  My suggestion is this, you can ALWAYS just go to that respective site (such as facebook.com) and log in to check your latest messages, updates and status.  It’s better and safer that way.

As far as banks or other accounts, they will never require you to log in from a link in an email, ALWAYS remember that.

The other thing I will suggest is Anti-Virus, firewall, and a couple of other anti-malware programs running or at your disposal on your PC, and they do have some protection available now for tablets and phones, definitely worth a looking into.

Sure keeping your computer or smart device safe with anti-malware protection is difficult at times, but well worth the time and investment up front.

But YOU are still your greatest anti-threat asset.  If you can remain diligent in the care you take in opening your email, you will have a much less troublesome experience in the long run.

Remember, these “phishers” are hoping that you’re gullible enough to click these misleading links.

I wish you much luck in your war against the phish…