This week at work I have particularly been learning how to deal with reports of phishing and spam. A lot of examples are quite easy to spot but there is a real need for caution with any email you receive. We’ve become quite dependent on email but it has some significant issues. Two rules of thumb that will increase your safety are:
- Don’t assume that it really came from the alleged sender. Email is relatively easy to ‘spoof’, which for cybercriminals is a boon. They claim someone else’s name and write it on the message and, once dropped in an online postbox, the global system happily delivers it to you. Always ask if you expected that person to email you at that time with that request. You can even pay attention to the writing style – although imprecise, you can often spot the distinctive ‘handwriting’ that lies behind the type.
- Take care before you click on anything. Hover over links to see where they actually go (sometimes fake names can look plausible so take care with this) and don’t click on attachments just through idle curiosity. Ideally, the text of the email should clearly explain what to expect and, for a link, give enough clues that you could find it by independent searching.
There are ways of digitally signing messages to give a better reason to trust them but it isn’t trivial to do and so rarely happens. Therefore, for now, treat everything with caution. For example, if this blog starts to show signs of a coherent plan rather than just being a motley collection of things that have interested me, you should know to be suspicious!