It’s a jungle out there in the world of emails, a wild, unruly landscape where spam messages dart in and out like agile panthers, and phishing emails lurk like camouflaged pythons ready to pounce. Today, we turn the spotlight on a rather peculiar phishing email story that puts a twist on the tale.
This isn’t just another “prince with a fortune” email. Oh, no. This one asks a simple question: “Do you have an Amazon account?” This is a scam email we recently received with the word “favor” in the subject line:
Hi, hope all is well, I want to ask for a discrete assistance, do you shop on amazon site?
Rattling the phishing cages
Sometimes these phishing emails come in unexpected forms, like the innocent question posed above. This doesn’t seem threatening, but that’s where the danger lies. It’s even more alarming when these emails come from your known contacts – their accounts might have been hacked and are now being used to trick you.
If you reply to these emails, you risk providing information to scammers that could lead to identity theft, unauthorized access to your accounts, or other types of fraud. Your best line of defense is vigilance and a healthy dose of skepticism.
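The cues described above can be checked mechanically. The following is an added example, not part of the original article: a small Python heuristic that lists the reply-bait cues found in a message. The cue words come from the email quoted above; the 40-word limit, the threshold of 4, and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
# Cue words come from the lure quoted above; the 40-word limit and the
# threshold of 4 are assumptions chosen for this illustration.
ASK = re.compile(r"\b(favou?r|assistance|discre(?:te|et))\b", re.I)
SHOP = re.compile(r"\bdo you shop\b|\bamazon\b", re.I)
URL = re.compile(r"https?://|www\.", re.I)

def body_text(msg):
    """Return the first text/plain part as a string ('' if none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def reply_bait_reasons(raw_message):
    """List the reply-bait cues found in one RFC 5322 message string."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    attached = any(p.get_content_disposition() == "attachment" for p in msg.walk())
    reasons = []
    if ASK.search(msg.get("Subject", "")):
        reasons.append("subject asks for a favor")
    if ASK.search(body):
        reasons.append("body asks for discreet help")
    if SHOP.search(body):
        reasons.append("asks whether you shop at a retailer")
    if len(body.split()) <= 40 and not URL.search(body) and not attached:
        reasons.append("short, no link or attachment, so the goal is a reply")
    if body.rstrip().endswith("?"):
        reasons.append("ends on a question")
    return reasons

def is_reply_bait(raw_message, threshold=4):
    return len(reply_bait_reasons(raw_message)) >= threshold

# Constructed sample messages (addresses are placeholders).
LURE = (
    "From: Known Contact <friend@example.com>\n"
    "Subject: Favor\n\n"
    "Hi, hope all is well, I want to ask for a discrete assistance, "
    "do you shop on amazon site?\n"
)
BENIGN = (
    "From: Known Contact <friend@example.com>\n"
    "Subject: Lunch on Friday\n\n"
    "Are we still on for lunch on Friday? I booked a table for noon.\n"
)
```

A match is a reason to verify with the sender through another channel, not proof of fraud; a genuine short request from a friend can trip the same cues.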
How to respond to suspicious emails
If you suspect an email, even from a known contact, don’t take any risks. Never click on links or download attachments from such emails. If it appears to be from a company you know, visit their official website yourself and contact them directly.
If you think a contact’s email has been compromised, reach out through another communication channel to verify. Lastly, make sure to secure your own email account to prevent it from being used as a tool in phishing scams.
Here are some steps to help you:
How to secure your email address
1. Activate two-step verification
Securing your email address using Two-Step Verification (also known as Two-Factor Authentication or 2FA) is an effective way to add an extra layer of security to your account. 2FA adds a step that hopefully makes it harder for hackers to get into your email.
Here’s a step-by-step guide on how to enable Two-Step Verification for some popular email providers through their browsers:
iCloud
- On your Mac, choose the Apple menu
- Then tap System Preferences
- Then click your name (or Apple ID)
- Click Password & Security
- Next, tap Two-Factor Authentication
- Then click Turn On and follow the onscreen instructions
- (You will need to enter a trusted phone number where you can receive verification codes by text messages or automated phone call. You will also need to enter the verification code sent to your phone number to confirm your identity)
Microsoft Outlook
- On your computer, sign in to your Microsoft Outlook account
- Click on your profile picture in the top-right corner and select My Microsoft account profile
- In the upper part of your screen, click on Security
- Enter your password
- Click on Advanced Security options
- Scroll down to the “Two-step verification” section and click Turn on
- Follow the on-screen instructions to enable 2-Step Verification for your Outlook/Hotmail account
Yahoo Mail
- On your computer, sign in to your Yahoo Mail account
- Click on your profile picture in the top-right corner and select Account info
- In the left sidebar, click on Security
- Scroll down and click Turn on next to the Two-step verification option to enable it
- Next, you will need to choose a method for receiving the verification code and then tap on it, and follow the on-screen instructions.
AOL
- On your computer, sign in to your AOL account using your existing credentials
- Once you’re logged in, click on your profile icon or your name in the top-right corner of the page and click Account Security
- Look for an option labeled enable 2-step Verification
- Next, you will need to choose a method for receiving the verification code and then tap on it, and follow the on-screen instructions.
Gmail
- On your computer, sign in to your Gmail account
- Click on your profile picture in the top-right corner and select Manage your Google Account
- In the left sidebar, click on Security
- Scroll down to the “How you sign into Google” section and click on 2-step Verification
- Click on Get Started and follow the on-screen instructions to set up 2-step Verification for your account and then click Turn On
2. Have good antivirus software on all your devices
The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices.
Having good antivirus software actively running on your devices will alert you to any malware in your system, warn you against clicking on any malicious links in phishing emails and ultimately protect you from being hacked.
3. Use a strong, unique password
Don’t take the easy road with “123456” or “password.” Craft a unique, robust password – something that doesn’t involve your birth date, pet’s name, or favorite movie. Think of it as your secret handshake. Consider using a password manager to securely store and generate complex passwords. First, it helps you create unique and difficult-to-crack passwords that a hacker could never guess. Second, it keeps track of all your passwords in one place and fills them in for you when you’re logging into an account, so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
Here’s how and where to change your password on some popular accounts you may have:
How to change your iCloud account password
- On your Mac, choose the Apple menu in the upper left of your screen
- Then click System Settings
- Tap your name (or Apple ID)
- Select Password & Security
- Then click Change Password
- Enter the password used to unlock your Mac and follow the instructions to create a new password
How to change your Microsoft Outlook account password
- On your computer, sign in to your Microsoft Outlook account
- Click on your profile picture in the top-right corner and select My Microsoft account profile
- In the upper part of your screen, click on Security
- Enter your password
- Then click Password Security
- You will be asked to type in your Current password, then type your New password, and then re-enter your new password
How to change your Yahoo email password
- On your computer, sign in to your Yahoo Mail account
- Click on your profile picture in the top-right corner and select Account info
- Near the top of the screen, click on Security
- Then scroll down to where it says Password and click Change Password
- Then you will be asked to type in a New Password and click Continue
How to change your AOL email password
- On your computer, sign in to your AOL account using your existing credentials
- Once you’re logged in, click on your profile icon or your name in the top-right corner of the page and click Account Security
- Scroll down to where it says password and click Change password
- Then type in your New password and tap Continue
How to change your Gmail account password
- On your computer, sign in to your Gmail account
- Click on your profile picture in the top-right corner and select Manage your Google Account
- In the left sidebar, click on Security
- Scroll down to the section “How you sign into Google” and click Password
- You may be asked to use your passkey to confirm it’s really you. Then enter your New Password, then confirm your new password by typing it again in the box provided
- Then click Change Password
4. Be skeptical of unexpected emails
Even if an email comes from a known contact, handle it with care if it seems out of character or asks unusual questions. Also, if you receive an email that asks you to click on a link, download an attachment, or provide personal information, do not do so without verifying the sender and the legitimacy of the request.
5. Create alias email addresses
Sometimes, it’s best to create various email aliases so that you don’t have to worry about all your info getting taken in a data breach. My top recommendation to avoid being inundated with spam emails is to use an alias email address. An alias email address is an additional email address that can be used to receive emails in the same mailbox as the primary email address. It acts as a forwarding address, directing emails to the primary email address.
In addition to creating throwaway email accounts for online sign-ups and other circumstances where you would not want to disclose your primary email address, alias email addresses are helpful for handling and organizing incoming communications.
Kurt’s key takeaways
In the end, remember, just like you wouldn’t step into the Amazon without a map and a guide, don’t dive into the depths of the internet without your wits about you.
The simple question remains: Have you had a close encounter with a phishing email? Let us know by commenting below.
26 comments
Do you have any tips to avoid employer scams? I am looking for a job and I get offers for remote positions, then they want me to order my equipment directly from vendors. The scam is they send you a check from a “subsidiary”. The check is from a homeowners association which is not related to the company name given. The company is real, but if you check, the type of work does not match what the scammers are claiming. I would like to know how to avoid these scammers.
Hi Judy, please refer to our article here about employer scams and the ways to protect yourself.