We all know that digital con artists are on the rise as working and schooling from home look more long-term than we thought just a few months ago. From trolls and “deep fakes” on virtually all social media platforms, to ransomware and screen hijacks, to increasingly sophisticated email phishing scams, it’s more important than ever to learn and practice digital protection techniques and habits (and to teach them to your colleagues and family). These range from the technical (e.g., proper intrusion prevention and regular backup regimens) to user awareness (e.g., learning to reduce self-inflicted harm by not clicking on links you shouldn’t).
The most common – and usually the most damaging – channel through which these threats arrive continues to be email. These phishing scams are often easily detectable because they are so poorly designed; misspellings and cheap graphics easily betray their often-offshore origins. Indeed, precisely because so many phishing attempts are so obvious, we can be lulled into a false confidence and think that we’d never be tricked because we’re on to them.
Nonetheless, we’re facing a surge of extremely sophisticated scams that too often fool even the most cautious users. So here’s one technique you should ALWAYS employ.
Before clicking on ANY link inside an email, roll your cursor over the link and look carefully at the address that pops up (which will display either next to the link if you’re in email, or in the very lower left corner of your browser window if you’re on a web page). This pop-up information is the TRUE destination of the link.
Look at this example, which I received last week. At first glance it certainly appears, at least visually, to be from Microsoft. And the subject line got my attention because I don’t want any problems with my monthly payment for my Office 365 account. Yes, there is some slightly odd wording and punctuation in the message, but the point is that my brain’s first reaction to the visual format said “legit.”
And here’s a similar phishing message, also appearing to be from Microsoft. However, upon rolling over any of the links, their true destination is revealed as being a domain called “thedoctorstudeio.co” — obviously not Microsoft.
But you have to be VERY careful when you look at these rollover addresses because they are often disguised to look like a legitimate address. The same is true for the sender’s email address. Look at the first yellow highlights. “office.online.com” looks legit, but it’s not. Nor is “onmicrosoft.com”.
Best practice, of course, is to NEVER click on any link inside an email unless you are expecting it. But if you’re tempted to, NEVER NEVER click before carefully examining where you’re bringing yourself.