Your inbox gets bombarded with email every day, but not all of it is safe. In fact, some messages are actively trying to steal your private information. As our inboxes have grown, so has the amount of junk mail and clutter. The logical answer would be to simply stop using email, but that’s not really feasible. Instead, you need to be aware of the major threats out there and how to spot them.
What Is Phishing?
If you don’t already know, phishing is “when someone tries to trick you into sharing personal information online.”
Phishing isn’t new, but it has begun targeting users with busy inboxes. Like most scams, phishing attacks can be prevented with a little awareness. They almost always prompt the user to share personal information, which is then used for illegal acts ranging from fraud to identity theft. Phishing attacks often ask for one or more of these pieces of personal information:
- Usernames and passwords, including password changes
- Social Security numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Credit card numbers
- Your mother’s maiden name
- Your birthday
It’s important to note that Google and any other reputable company “will never ask you to provide this type of information in an email.” In order to prevent a phishing attack, it’s important to verify that requests for your personal information are reliable, safe, and secure.
How Does It Work?
If you do happen to receive an email that you are uncertain about, Google recommends the following actions:
- Don’t click any links or provide personal information until you’ve confirmed the email is real.
- If the sender has a Gmail address, report the Gmail abuse to Google.
Unfortunately, phishing attacks are common on every email platform. While Google’s Gmail platform offers a limited suite of services to reduce them, there is no true way to prevent a phishing attempt. The best defense is to understand that your sensitive information should always stay private.
You can also install a strong security suite that will alert you to suspicious emails. We recommend installing antivirus software like Norton Antivirus to scan your inbox and catch phishing emails before you open them. You can also increase your chances of detecting spam emails by securing your device with antivirus software like Comodo.
How Can I Spot and Protect Myself from Phishing Attacks?
After installing an antivirus program, you may still receive phishing emails. You need to identify and remove them from your inbox as quickly as possible. Just like traditional (snail) mail, the sender’s details often provide the first clue regarding authenticity. Most individuals tend to use popular email services such as Gmail, Hotmail, and Outlook. Businesses often own “vanity” email domains that are directly associated with the website of their business.
In the case of email, always check the domain of the sender’s email address before opening.
Be on the lookout for spoofed or replica domains. Here are a few hypothetical examples of what these may look like:
A quick search for PayPal-related domains on SecurityTrails reveals there are nearly 27,511 PayPal domains. These emails often look incredibly real too, and can easily fool someone who doesn’t click to reveal the sender’s full email address.
Once you’ve checked to verify the domain is legitimate, the individual sender could still be a fake. Contact lists are an effective means of maintaining a safe “whitelist” of trustworthy emails from your friends and contacts. If you still aren’t sure, Google offers a checklist to go through when assessing suspicious emails:
- Check that the email address and the sender name match.
- Check if the email is authenticated.
- Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site.
- Check the message headers to make sure the “from” header isn’t showing an incorrect name.
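The checklist above can also be run over a raw message. The following is an added example, not code from this article or from Google; the contact list, sample message and domains are constructed, and the `Authentication-Results` header is assumed to have been written by your own mail provider.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed contact list and sample message (not taken from the article).
CONTACTS = {"John Smith": "john.smith@example.com"}
SAMPLE = """\
From: John Smith <john.smith@example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.net; dkim=none
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://login.example.net/verify">https://www.example.com/</a></p>
"""
URLISH = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:]\S*)?", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw, contacts):
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    findings = []
    # 1. Sender name vs. address, using the contact list as the reference.
    expected = contacts.get(sender.display_name)
    if expected and expected.lower() != sender.addr_spec.lower():
        findings.append("sender-mismatch")
    # 2. Authentication verdicts recorded by the receiving mail server.
    results = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    if not re.search(r"\b(spf|dkim|dmarc)=pass\b", results):
        findings.append("not-authenticated")
    # 3. Link text that displays one host while the href points at another.
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        if (m := URLISH.fullmatch(text)) and m.group(1).lower() != urlparse(href).hostname:
            findings.append("link-mismatch")
    return findings
```

Each finding is a prompt for a closer look rather than a verdict: a known contact writing from a new address trips the first check until the contact list is updated.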
For example, consider the email below which Gmail has flagged as suspicious:
Looking at the name, email address, and domain of the sender, “John Smith” aligns with “[email protected],” but the fact the mail was sent “via Yahoo.com” is potentially suspicious. This is a perfect example of why a contact list is recommended to ensure you know exactly where an email from “John Smith” should come from.
Understanding the Major Threats Is Half the Battle
Gmail is fairly reliable when it comes to spotting dangerous and spam emails. However, it isn’t perfect, and you should take the time to double check. It’s also important to report phishing emails once they are identified. Email services such as Gmail maintain blacklists of these addresses, and this feedback provides protection for others using the service. The stronger these protections are, the safer every email user will be.