Don’t Let Cybercriminals Ruin Your Holidays – Think Before You Click

By the time you read this article, holiday shopping will be in full swing with Black Friday, Cyber Monday, and all of the usual holiday shopping frenzy. Your inboxes (business and personal) are full of incredible sales and offers. Not to mention charities who are soliciting your help. 

In the midst of this frenzy, we thought it would be a good idea to provide a few reminders on how people and organizations can stay cyber safe during this holiday period. 

Malicious Emails Warning Signs 

Let’s start with emails. Almost 20% of the people in an organization will click on malicious links in phishing emails. Being educated on some of the warning signs that can be dead giveaways for malicious emails will help mitigate the risk leading to much happier holidays for everyone involved.  

Who is the email from? 

• Do you recognize the sender’s email address as someone you ordinarily communicate with?  
• Is this email from someone outside your organization and it’s not related to your job responsibilities?  
• Is this email sent from inside your organization or from a customer, vendor, or partner and is the communication unusual?  
• Does the sender’s email address come from a suspicious domain? Ex: the domain is misspelled.  
• You don’t know the sender personally and they were not vouched for by someone you trust.  
• You don’t have a business relationship nor any past communications with the sender.  
• Is this an unexpected or unusual email with an embedded hyperlink or an attachment? 

Who is the email going to? 

• You were cc’d on an email sent to one or more people, but you don’t personally know the other people it was sent to. 
• You received an email that was also sent to an unusual mix of people. Examples would be a random group of people at your organization whose last names start with the same letter, or a whole list of unrelated addresses. 

What is the subject of the email?  

• Did you get an email with a subject line that is irrelevant or does not match the content? 
• Is the email message a reply to something you never sent or asked for? 

When did you receive the email? 

• Did you receive an email that was sent at an odd time like 2 a.m. that you normally would get during regular business hours? 

Hyperlinks 

• You hover your mouse over a hyperlink that’s displayed in the email message, but the link to address is for a different site (This is a huge warning sign). 
• You received an email that only has long hyperlinks with no other information and the rest of the email is completely blank.  
• You received an email with a hyperlink that is a misspelling of a known web site. For example, www.arnericanexpress.com – the “m” is really two characters: “r & n”). 
• Always take an extra second to verify hyperlinks.  

The Content 

• Is the sender asking you to click on a link or open an attachment to avoid a negative consequence, or to gain something of value? 
• Does the email have bad grammar or spelling errors or phrasing that seems out of the ordinary? This red flag is less and less frequent as the threat actors have learned that this tactic is easy to spot.  
• Is the sender asking you to click a link or open up an attachment that seems odd or doesn’t make sense? 
• Is there a sense of urgency in the messaging with a threat that something bad will happen? “Change your password now or your service will end immediately” 
• Do you have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link? 

Attachments 

• You were not expecting the email attachment the sender included or the attachment does not make sense within the context of the email message. The sender doesn’t ordinarily send you these types of attachments. Recently, threat actors have used macros commonly used within documents to deliver their malicious codes. Attachments should always be questioned. 

Stay Safe Online 

While we are offering tips on recognizing malicious emails, we thought that offering some tips on staying safe online would be helpful. 

Here are a few things to keep in mind: 

• Never click on links in suspicious messages sent through direct messages 
• Never click on unverified links, videos, or files 
• When being re-directed to another site from a secure site, verify the address you are being re-directed to see if it is legitimate. In many cases, if you are being re-directed, the site that is re-directing you will tell you that you are being re-directed and why 
• Limit the information available on your social media profiles ex: home address, birthdays, children’s names 
• Don’t save your login information on shared computers or browsers 
• Don’t accept “friend” requests from people you don’t know 
• Don’t respond to invitations to connect unless you know the person or company 
• When asked for information to update your account or to re-enter your login details, verify the URL 
• If you receive an unusual message from someone you know, contact them outside of the social network site to check on the validity of the message 
• Remember: banks and governments never ask for your personal information on social media. Don’t be intimidated to respond. Also remember these institutions will never ask such information through email or text either 
• If something looks too good to be true, it probably is. Offers for free product or money for example. Don’t follow or click on those links 

We always recommend that you take a moment to review the email or message or online ad. If something doesn’t feel right, verify before doing anything else. Let’s make this holiday season a safe one. 

For questions regarding cybersecurity or IT services and solutions, contact MicroAge today.