Be careful when you read your email! I’ve noticed an increase in phishing messages in the last few months. The bad guys continue to improve their grammar and the presentation of their fake messages, to make it more likely that you’ll be fooled into giving them a password or a credit card number. You have to treat all your email messages as poison until you convince yourself that each one is real.
The bad guys are bored, sitting at home during the pandemic all over the world. They have nothing better to do than try to fool you. I can give you a few examples, but the bad guys are endlessly creative, so you will likely see your own different versions of fake messages. Remember the rules!
Most security attacks begin with a link in a legitimate-looking email message. Do not click on links unless you are 100% certain they lead somewhere you want to go.
Always hover over a link before you click on it. Do not click unless it is obviously a legitimate link.
The bad guys can make the sender’s name and email address appear any way they choose on a malicious message.
If you get a malware message by email and don’t click on a link, it hasn’t hurt your computer. Delete it.
Many fake messages use Microsoft or Office 365 logos to give them a veneer of authenticity. If you click on the link in the above message, it leads to a web page that looks like a Microsoft login screen. Typing in your password is like giving your wallet to muggers.
This message has typical giveaways. The sender’s email address is obviously not associated with Microsoft or Office 365. If you hover over the Review button, the link that comes up does not lead to a Microsoft address.
Here’s another one that uses Office 365 branding.
Again, notice the sender is not Microsoft, and look at where the link leads when you hover over Keep same password.
There are many variations on messages that claim to contain voicemail messages. Perhaps the purported message is an attachment, maybe it’s a link to click on. All of them are phony, of course.
Another rule to remember:
Do not click on a link to a file in Google Drive, Dropbox, or other online services unless you know with 100% certainty that the file is something you want.
Here’s an example of why that rule is important – another phony message with a link that leads to bad things. The sender appears to be Dropbox; either the sender’s address is forged, or the message contains a real link to a virus file in Dropbox.
There are Covid scams, rental scams, eBay and Craigslist scams, and my god, how can we trust anything online?
Memorize the Rules For Computer And Online Safety, and be careful out there.
Thank you, this helped me so much.
Do you recommend forwarding phishing messages to the actual site?
The most recent being PayPal, supposedly. Open a new tab, go directly to the PayPal security E-address (firstname.lastname@example.org), and forward the phony ( phishing) one.
The volume of messages is so high that I can’t believe it makes much difference. It’s a public-spirited thing to do, though, far be it for me to discourage you from doing the right thing.