Special thanks to Evan Fagan, Security Intern from Norwich University

Abhorrent Tricks by Scummy Email Scammers:

Taking advantage of tragedies to make money or infect systems for future use is tragically nothing new. The Orlando nightclub shooting has given phishers fresh opportunities to exploit public concern, anger, and curiosity about the event. An article from phishing training company KnowBe4 describes some of the scam emails users may soon see in their inboxes. These range from fake blood drive links and fake charity pages for the victims and their families to alleged “exclusive insider information” about the shootings, such as pictures or videos from the event. Phishing scammers are using this tragic event to prey on people legitimately trying to give back by donating blood or money, and on others who are simply curious to know or see more about the shooting.

6 Ways to Avoid Getting “Hooked” by Phishers

There are, as with many areas of computer security, simple and important best practices to follow to keep you and your business secure. Here are six recommendations, in order of importance, to avoid clicking on a phishing email:

Did you expect to receive this email? Was this email expected, and does it make sense that you are receiving it at the email address it came to? If neither of these is true, you should delete it.

Personalization: Should the sender know your name and greet you with it instead of a generic greeting such as “Dear Customer”? Amazon, eBay, PayPal, and others always use your name.

Is the link shortened, and can it be verified? Can you verify the link directly by mousing over it? Does it go to a well-known website? If the link is shortened to hide a potentially malicious destination, or outright points to anything in a foreign country (.ru = Russia, .cn = China and .kp = North Korea), or looks or feels suspicious, don’t click it; delete the email.

Language: Does the email contain proper English grammar and spelling? Or does it look like it was crafted by someone for whom English is a second language? If so, delete it.

Asking for Credentials: Is the email asking for usernames or passwords back via email? Is the email reporting a problem with your account that needs immediate attention? Don’t trust the links; open a new web browser and manually type in the website address to check on your account if you’re truly concerned.

Location: Do you live in the area? If you live in New England and you get a blood drive email for a far-away area like Orlando, be suspicious since blood will most likely not be brought in from that far away.

If there’s anything else about the email that strikes you as even slightly off or strange, listen to your gut and delete it. The worst that could happen is you get contacted by phone or email again if it was truly important. Following these guidelines will help keep your business safer and your accounts protected from compromise. Don’t let scummy scammers take advantage of tragedies like Orlando – always be vigilant!

Craig Taylor | Chief Security Officer | Neoscope

30 International Dr. Portsmouth NH 03801

603.505.4902 ext. 723