With COVID-19 disrupting every facet of life across the globe right now, it can be overwhelming to keep on top of every new scam. Spam may be inundating your inbox, getting through by legitimate SMTP servers that haven't yet been blacklisted. These servers will be marked and blacklisted soon enough, but not before it's too late.
In this article, we arm you with knowledge to help you from falling for a scam.
The sad reality is that phishing scams are becoming harder to detect. The criminals are getting better at crafting emails that fool you into handing over your personal information.
“Phishing scams are a 21st century game of cat and mouse.”
Take this phishing scam that one of our clients received recently, which appears to originate from one of Canada’s largest banks.
The email looks legitimate at a glance. The main URL link in the header is correct, the bottom links to cibc.com and the Fraud Information Centre links are correct, too. While these links are copied from existing, legitimate emails, it's the fake“Update Contact Information” link that the scammers are hoping you’ll click on. The good news is that these redirect links are brought down quickly once discovered, but often not before they've tricked a few people into giving their personal information.
This type of scam fools a lot of people. My 81-year-old father is a prime example of someone who would be trickedby this, but many younger people fall for these as well. Phishing scams know no age boundaries.
Check the sender’s email address. One of the quickest ways to determine if this is a scam is to check the email address in the from field. In this case, the email shows as:
From: CIBC Online Banking <email@example.com>
Many email applications don’t show the actual email address, so the user would only see the sender’s name:
From: CIBC Online Banking
This seems legitimate, but unfortunately it's not. A quick way to tell if it's authentic is to check the sender’s actual email address. While this isn’t necessarily a guarantee, it's a quick way to root out scams such as these.
Right-clicking on the sender’s name shows you the actual email address. In general, while the body of the email resembles the proper look and feel as coming from CIBC, the scammers will only mask the From name, but not the actual email address, as shown. The actual email address is not legitimate.
A legitimate email would look similar to the image below. You can see that the actual email is coming from a CIBC domain. Again, while this doesn’t guarantee that the email's legitimate, it's a fast way to spot spam that makes it through the spam filters.
Next, check all the URLs. Before clicking on any links, especially those that have to do with your personal or financial information, “preview” the link URL. If you're on a mac and use Apple Mail, you can do this by hovering over the link as shown in this video:
While not quite as effective as Apple Mail, other applications, such as Microsoft Outlook on Windows, shows you the URL when you hover over the link . This is a great way to see where the link will take you before you click on it , and can lessen the chances you’ll fall for a phishing scam. You can see in this example when you hover over the site, the URL has nothing to do with CIBC banking.
This site is built to resemble the legitimate site, including the company’s branding. Once the user enters his or her credentials, bank card number, email address, user name and password, the damage is done. The criminals now have what they need to easily access their banking information. Unless the customer has 2-factor authentication set up on their accounts, if supported, there's very little they can do to stop the criminal from draining the bank account. Getting in touch with the bank's fraud department is a good idea, but it might be too late by the time the user has figured out that they’ve been scammed.
We at mailhive recognize that phishing scams are on the rise with the recent pandemic. It’s becoming increasingly harder to reduce the amount of phishing attacks coming in each and every day. Scams happen daily, but more so in times of crisis such as this. While we adjust our filters almost daily to reduce spam reaching your inbox, the reality is that some spam isn’t correctly tagged as spam and slips through.
There’s one final way to protect yourself, even if you fall for a phishing email. If sites you deal with allow for 2FA, such as our webmail services, setting it up will make it harder for a scammer to hack into your accounts. To learn how to enable 2FA for your mailhive account, visit our support centre.
Learning to identify emails from institutions that you deal with and by using the tips in this article can help ensure that you don’t get caught up in a scam, lose your hard-earned money or give away your privacy. If you’re ever unsure of an email that you’ve received, you can open a ticket or forward the email to firstname.lastname@example.org and we'll investigate it for you.