How To Identify A Phishing Scam And What To Do If You Get One

In May Google Docs was used in a phishing scam which asked the unlucky person who thought they were opening a document to open it in an app. Opening the app gave the scammers access to your email accounts and all of your contacts. Google was able to stop the attack in a short period of time, but a lot of people got the email and the attack was spread to all of their contacts as well.

In this technical day and age, you would think that anyone with half a brain and any computer knowledge at all, wouldn’t fall for anything like this anymore. The scary fact is – we still do! We hear about it time and time again. The scammers know this. That is why they will continue to craft and send these bogus email scams. They will also continue to use highly recognizable and credible sources as bait. They used Google in this case, but many banks and credit card companies have been used as well.

I even fell for one – well sort of. Hey, I wasn’t always a Diva! I say sort of because it was a test email sent out by the IT department of the company I worked at. The email said that a package that I had ordered had arrived and I could track it by following the link. As happenstance would have it, I had been expecting several packages at the time. Even though I thought it was weird that I got it at my work email address, I clicked the link. Yes – I know. I should have known better, but I was working over nights at the time and was probably half asleep and not paying attention to what I was doing.

I was EXACTLY the person that real scammers are looking for; someone who wasn’t fully paying attention!

The test email that I got sent me to a link that the IT department set up explaining that I was for a lack of a better term a dumbass. Of course they didn’t say that, but that’s what I felt like.

So why did I tell this story? To prove that anyone can get scammed. A phishing email can be sent to thousands and thousands of people before it is caught and taken down. Google said that it only affected about 0.1% of users and they supposedly had the Google Doc scam down in about an hour. But when you realize that Google has 1 billion users – that is a LOT of people!

So what are some red flags that you should be looking out for? Getting an email from someone you don’t know with an attachment to it. Even an attachment from someone you know might be a red flag, if you are not expecting them to send you something.

There are attachments with file formats such as an .exe attachment should definitely raise a huge red flag. An .exe file is programmed to run on your computer automatically when you open it. This could plant a malicious program on your computer. Other formats that could be dangerous are .bat, .cmd, .js, .msi, .reg.

Attachments with embedded macros should also be opened with caution. Macros are programming codes that let you automate tasks that are complex or repetitive. .doc and .xls are commonly used file formats for macros. The attachment has a macro embedded in it if there is an “m” on the end – .docm or .xlsm.

Other things that are very suspicious are email requests for sensitive or personal information. NEVER give this information unless you are absolutely certain that you can trust who sent it. Just because it comes from your bank or credit card company doesn’t necessarily mean it’s safe. If you receive an email from what should be a trusted source for you, call them and find out if they sent the email.

You should be suspicious if you are asked to click on a link that leads to an outside source, unless you are expecting something such as a conformation to a registration or something like that. 

An offer of money or prizes are common email scams. Always remember if it seems too good to be true – it usually is.

If you didn’t initiate something but you receive a “follow up” request, then you probably should not trust that email.

What should you do if you feel you have received a phishing email? Deleting the email seems like the very first action you should take, but it’s actually the second. You should report it as soon as you discover it. Think of it this way, if this phishing scam hasn’t been discovered already, you could be a big help in shutting it down.

In Gmail, right next to the reply arrow there is a drop down menu. One of the options is report phishing. A pop up box will appear with a description of what a phishing email is and tells you by reporting it you will send the entire message to Google.

You can also email US-CERT (United States Computer Emergency Readiness Team) by forwarding them emails that you think are bogus. You can email them at phishing-report@us-cert.gov. If for some reason you cannot forward the message try and send the URL to the phishing website. If the email has a file attachment, it may be safer to forward the email without opening it up because in some platforms it may allow the file to execute the malicious program.

I hope that these few tips and solutions will help you out. I’ll more than likely end up writing more on phishing and other scams in the future, since it is such a big and important topic.

As always BE A COMMON SENSE CRUSADER FOR SECURITY! Stay safe!