In honor of my Caught Dead in Wyoming mystery series, my assistant Kay Coyte is writing for my newsletter and blog a series of consumer tips inspired by TV reporter Elizabeth Danniher.
As I was working on this column, focusing on warnings and advice about bad stuff that arrives in your email inbox, I got a message from a trusted neighbor, a reply to a community-wide announcement about an upcoming annual business meeting. But it came with an “Encrypted attachment warning” that the attachment couldn’t be “scanned for malicious content” and to avoid downloading it unless I knew the sender (check) and was confident that the email was legitimate (check – well, except for that big orange warning sign!). I hovered over the sender’s email address – it was hers. The message was a little abrupt and the zip file attachment was labeled simply “request,” but the board announcement sought added agenda items, so it was plausible.
I clicked on the attachment.
I shouldn’t have.
Tip for the day: Don’t do that!
Too late, I contacted the neighbor, asking if she’d sent the email. Nope. Her account had been hacked. So I deleted the attachment, shut down my desktop system, then rebooted it and ran a security check, which flagged a virus. I’m not positive it’s problem-solved so I’m calling in my tech expert this week to have him investigate. Let’s hope the bullet I didn’t dodge hasn’t done too much damage.
I’d earlier received an email with this image.
It is an example of the types of phishing emails made to mimic a legitimate retail store or other business or agency. This one was pretty clear – the random text in the subject line and sender’s address. But I include it to show how scammers use business logos, images and enticing offers to get you to click on a link or download an attachment. Other red flags to look for:
— a generic greeting. If you have an account with the business, it probably would use the name your account is in.
— a suggestion to update your payment details or confirm some personal information by clicking on a highlighted link.
— a typo in the domain name. Anyone can buy a domain name from a registrar. One scammer trick is to drop a letter. So, what might be RealBusiness(dotcom) becomes RealBusiness(dotco), a scam operation in the country of Colombia (.co). Another ploy: the letters ‘r’ and ‘n’ run together mimic the letter ‘m.’ If your eyesight, like mine, isn’t great, it would be hard to distinguish, for example, umbbank(dotcom) from urnbbank(dotcom).
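Both domain tricks in that last red flag can be checked by a program instead of by eye. This Python example is an addition to the column, not the author's own code; the trusted list, the letter-pair table and the function names are assumptions for illustration, and the domains are the column's made-up ones.

```python
from email.utils import parseaddr

# Domains you really do business with (constructed sample list).
TRUSTED = {"realbusiness.com", "umbbank.com"}

# Letter pairs that read as one letter in many fonts (assumed, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w")]


def skeleton(domain):
    """Collapse look-alike letter pairs so 'urnbbank' and 'umbbank' compare equal."""
    s = domain.lower().rstrip(".")
    for pair, single in CONFUSABLES:
        s = s.replace(pair, single)
    return s


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, trusted_domain_it_resembles) for a From: header value."""
    address = parseaddr(from_header)[1]          # drops any display name
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in trusted:
        return ("ok", domain)
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good):   # 'rn' standing in for 'm'
            return ("lookalike-letters", good)
        if edit_distance(domain, good) == 1:     # dropped or swapped letter
            return ("one-character-off", good)
    return ("unknown", None)


if __name__ == "__main__":
    for header in ("Real Business <billing@realbusiness.co>",
                   "alerts@urnbbank.com", "alerts@umbbank.com"):
        print(header, "->", check_sender(header))
```

An "ok" verdict only means the domain is spelled correctly; as the neighbor's hacked account shows, a genuine address can still send a malicious attachment.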
Here are two good how-to-detect-phishing articles, one from the Norton online security firm and the other from IT Governance, a British company that specializes in cybersecurity and data privacy management. Both provide examples of actual phishing emails, with excellent advice on safeguarding your devices.
Bottom line: Do as I say and not as I did! Don’t click on any link or download any attachment you aren’t absolutely sure is legit.
P.S. A public service announcement
As we near Election Day – and early voting has started in many states – here’s my plea to take care in what you share on social media. Mis- (and dis-) information abounds, some of it sent with good intentions, but much of it with intention to disrupt, outrage or cover for criminal commerce. It takes some effort these days to make sure that the item with the catchy headline or funny meme is what it appears to be.
After the 2016 presidential election, Patricia covered this issue in a blogpost titled “Help Stamp Out PWI* (*Posting While Irresponsible)”. In the intervening four years, we’ve learned about Russian-sponsored social media hacking, trolls and more, and Facebook and Twitter have made some steps to delete or flag false or dangerous posts. In her blogpost, Patricia has several suggestions as to how to be a better social media user.
Washington Post tech columnist Geoffrey Fowler provides an update in his June article, “You are probably spreading misinformation. Here’s how to stop.” He cites examples of misinformation surrounding recent civil unrest and the ongoing coronavirus pandemic. He covers many of Patricia’s points in “Step 3: Become a citizen investigator,” but expands on how you can help in the section on “When you find misinformation, correct it — carefully.”