Consider these email subject lines:
- Attn: Beneficiary
- Account Information Requested
- Please confirm your email address
Spam or not spam?
The answer is not as obvious as one might think and everybody perceives spam differently. Spam arrives in many forms of media besides just email: instant messaging, forums, phone, social networking, videos, and websites.
How does spam find you?
First, of course, there’s luck. Sometimes, email messages are sent out blindly in hopes of reaching anyone they can. However, what usually transpires is that your email address (and sometimes other contact information) is obtained through means of information sharing and selling.
Think about buying a product online. When you make your purchase, you’re usually required to create an account with the company. Shortly after, you may start getting emails about other similar or recommended products from this same company. You didn’t directly request these emails, but by creating an account with this company they automatically add you to their email list as well as other possible marketing initiatives.
Some of these companies sell this information to other companies, and those companies to others. Repeat this process a few times and suddenly you’re being inundated with more and more emails about things that you may have little to no interest in – spam.
A lot of spam might be considered relatively harmless, like those emails that are trying to sell you something. Not so with malicious spam.
Malicious spam is a message that can appear to be very legitimate but is actually intent on obtaining further information from you, like your identity or financial data, in order to cause harm.
Why would anyone give out their personal information?
Think of the story of Little Red Riding Hood. A young girl is approached by a wolf, and she voluntarily tells him she is going to her grandmother’s house. What seemed harmless and irrelevant at first ends up becoming very bad down the road. The big bad wolf distracts the girl and gets to her grandmother’s house first. He gains entry by pretending to be the girl. He then swallows the grandmother whole and waits for the girl, now disguised as the grandmother.
So imagine receiving an email message that appears to be from grandmother. This email contains a link. Normally you would never so willingly click, but this email is different! This is from your grandmother!
Here’s another example. Let’s say you receive an email from the company whose product you were interested in earlier. This time, they claim they’ve been “hacked” and you need to reset your password. How wonderful that this company has your best interest at heart! You click on the link provided in the email and enter your login information. The only problem is, it wasn’t the company who sent that email but the wolf in disguise. The wolf made a website that looked exactly like the company you thought the email was coming from, and now you just gave your login information to them. They can now log in as you on the real company’s webpage and get access to all of your stuff.
So how can you see through the disguise?
Be cautious about giving out your email address.
While you should be mindful to whom you provide your information, you can’t always know whether that information will end up at some point in the hands of the wolf. So you should still be skeptical about the emails you receive.
Scrutinize links before clicking on them.
This may work for the most part, but isn’t a perfect solution as there are some emails that contain links you’ll need to click. For example, some companies will send you a verification email when you set up a new account on their website, and you’ll need to respond.
Use the hover technique
In most email programs, you can simply move your cursor to a link (any link including linked pictures) and let it rest there, hovering over the link (NO clicking). After a couple of seconds, you’ll see a tooltip appear above your cursor. This should reveal where the link is actually intending to take you. If the tooltip is going to take you somewhere other than where the written text claims, don’t click.
Keep in mind, websites can be programmed to modify this tooltip through browser applications. However, most email programs, won’t allow this and therefore the tooltip is usually a quick and easy method to figure out where a link wants to take you.
And in case you click on a malicious link…
Let’s be real. Sometimes we’re in a hurry, or our minds are elsewhere, we’re distracted for a moment, or we have a brief lapse in judgment, and we click on a link anyway.
The real danger here is when you’re brought to a website and it’s asking you for information, whether that’s to log in, reset your password, verify your identity, etc. If you are brought to a website and are asked for ANY kind of information, leave.
Close your browser (the tab / window) and then manually type the URL and browse to the intended website.
Doing this will help ensure you are you are providing your information to the right party.
Remember: Caution is Key
The important thing to remember is to always use prudence with any online communications you receive. Being careful will not only protect your personal information but also make sure you get safely to grandmother’s house.