To wrap up our month-long Kellam’s Tech Tips Cybersecurity Awareness blog series, I want to talk about two things: (1) How to protect against malicious websites and (2) Ways to detect phishing emails that are sent to your email address.
Not infrequently you are invited to visit a website from a stranger or a friend. If these invites are unexpected, there’s good reason to think it may be a malicious link. Our use of social media such as Twitter and Facebook provides additional means for scammers to try and fool you into clicking on a malicious link.
If you are unsure about a link, there are websites that function as “link checkers” that will tell you if the link is dangerous or safe. Websites like VirusTotal are easy and free to use, and a quick way to test out the safety of web links. After all, by clicking a link you can expose your computer and information to malware regardless of any information you offer up, so it’s better if you can test the link before visiting it.
I recommend using a link checker if you at all question the validity of the proffered link. Once upon a time you could hover your mouse over the link to see if it really was the address it seemed to be in the text (as the true link would show up at the bottom of the screen); however, even this can be spoofed now, so checking with the third-party verification site is best.
Similarly, phishing emails are often undetectable. In fact, some cleverly designed phishing scams even fool professionals. Often times a phishing email will appear to be sent from a legitimate service such as PayPal, for example, informing you that someone has tried to hack your account and will provide a link for you to provide information that will secure your account.
To start, if you are unsure, check with the claimed source of the email before opening. For instance, if it is an email purporting to be from your credit card company, call the number on the back of the card to verify the information disclosed in the email. Rarely will an email ask you for log-in information. Additionally, there are clues to look for if you are suspicious. For example, check the sender's email address to see if it is actually from the service or company it claims to be, or check for grammatical or spelling errors in the email.
Some email services such Microsoft Outlook and Gmail have built-in mechanisms to help weed out malicious emails; however, some can still get through to your inbox. For added protection, there are services such as Bitdefender that you can purchase. Ultimately, phishing emails will continue to evolve, so you will need to keep yourself informed on new techniques to know how to protect yourself most effectively.
As always, if you have any questions about what has been discussed in this blog, or previous ones, please be sure to contact us.