Imagine this nightmare scenario. You receive an email from your health insurance provider, let’s say it’s Blue Shield, asking you to update your personal information by clicking on a link. You think it’s a routine request, so you click on the link and enter your name, date of birth, and social security number. The next thing you know, your identity is stolen, and your credit score is ruined.
This is a common occurrence of a phishing attack, a type of online scam that targets your email account. Phishing attacks are designed to trick you into clicking on malicious links, opening infected attachments, or providing personal information to hackers who want to steal your money, identity, or data. It’s definitely a concern of Don, from Michigan, who wrote to us asking,
You mention not to tap/select links in emails, how do I know if email links are OK to select? (like Blue Cross Blue Shield??) –
Well, Dan, that is a great question that we will answer and share some tips on how to protect yourself from these attacks.
How do I know if an email link is safe to select?
Here are three simple and effective ways to check if an email link is safe to select. These tips will help you avoid clicking on links that could lead you to phishing websites or malware downloads.
1) Inspect the link (on desktop or laptop)
Tap and hold on the email address or the sender’s name. This action should reveal more details about the sender, including the full email address.
Check Email Headers – Open the email and look for an option to view the email headers. This might be under “More” or “Details” depending on your email app. The headers can provide information about the email’s origin.
Look for Red Flags – Be cautious of emails with urgent requests, spelling errors, or unfamiliar links. These are common signs of phishing attempts.
2) Verify the sender of the email
Another way to check if an email link is safe to select is to verify the sender of the email. Make sure that the email is from a legitimate source and not a spoofed or fake one. Scammers often use slight variations or impersonate legitimate sources. You can do this by looking at the sender’s email address and name. If the email address or name doesn’t match the sender’s identity, don’t trust the email.
If you’re still unsure about the authenticity of an email or a link, you can contact the sender directly and ask them to confirm. Don’t use the contact information provided in the email, but look for it on their official website or other trusted sources. Whatever you do, do not click on any links or provide personal information.
MORE: HOW TO PROTECT YOUR IPHONE FROM CYBERATTACKS WITH LOCKDOWN MODE
3) Before you click on any links or email attachments, ask yourself 3 questions
Pause before clicking. Before you click on any link or open any attachment, take a moment to evaluate it and ask yourself these 3 questions:
- Do I know the sender?
- Do I trust them?
- Did I expect them to send me a link or an attachment?
If the answer is no to any of these questions, then you should absolutely not click on any link or open the attachment. These links or attachments may look harmless, but they can actually contain harmful malware that can damage your device or steal your data. It’s better to be safe than sorry when it comes to email attachments.
MORE: ANOTHER HOME THERMOSTAT FOUND VULNERABLE TO ATTACK
How to secure your email account from phishing attacks
Here are 6 tips to protect your email account from phishing attacks.
#1 CyberGuy tip: Use antivirus software: This is perhaps one of the best investments you can make for yourself to protect yourself from phishing scams.
Special for CyberGuy Readers:
Read my review of my best antivirus picks here
2) Enable two-factor authentication (2FA): Whenever possible, enable 2FA for your online accounts. This adds an extra layer of security by requiring a second form of verification, such as a unique code sent to your phone, in addition to your password.
3) Keep software up to date: Regularly update your operating system, web browsers, and antivirus software to ensure they are equipped to detect and prevent the latest threats.
4) Be cautious with personal information: Be wary of sharing sensitive information online, especially if it’s unsolicited or seems suspicious. Legitimate organizations rarely ask for personal details via email.
5) Keep spammers from getting any of your personal information to begin with
Regrettably, there is a high probability that your phone number and email address is readily available on many lists sold by data brokers to hundreds of people search websites. However, if you remove it from the web it can reduce the likelihood of spammers and telemarketers obtaining your number and contacting you.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 175+ data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
6) Report suspicious emails: If you receive a suspicious email claiming to be from a specific organization, report it to that organization’s official support or security team so they can take appropriate action.
7) Educate yourself and others: Stay informed about the latest phishing tactics and share this knowledge with friends, family, and colleagues. Awareness is a powerful tool in preventing scams.
MORE: FACEBOOK ACCOUNTS HIT WITH MALICIOUS AD ATTACK WITH DANGEROUS MALWARE
What should you do if you’ve clicked a link and installed malware on your device?
1) Scan your device for malware
2) Change your passwords immediately
ANOTHER DEVICE
3) Monitor your accounts and transactions
4) Use identity theft protection
One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Special for CyberGuy Readers: Save up to 51% with my top recommendation is Identity Guard.
Read more of my review of best identity theft protection services here.
5) Contact your bank and credit card companies
6) Alert your contacts
7) Restore your device to factory settings
MORE: HOW HACKERS ARE TARGETING X VERIFICATION ACCOUNTS TO TRICK YOU
Kurt’s key takeaways
Have you ever encountered a suspicious email or phishing attempt? How did you handle it, and what did you learn from the experience? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
2 comments