Spam and phishing attacks are an unfortunate part of email, but there are several easy ways to check whether a message you've received is legitimate. Here are a few tips on identifying malicious emails.
#1 - Stop & think
Many phishing attacks rely on urgency - they don't want you to look closely at the email and find a flaw, so they have a headline like "CEO needs this NOW!" or some other alarming verbiage. Others will be very vague - just writing "see this attachment" or "please do this" or something similar.
Don't rush, take your time, and verify the message is legitimate before acting. Looking over the message for another minute probably won't hurt, and it could save hours and hours of recovery time later if a mistake is made.
#2 - Check the sender
Do you recognize the sender of the email? More importantly, do you recognize the sender's email address? Anyone can type whatever name they want into the display-name field of their account. The From: address is a little harder to fake, but it's still possible. Make sure your domain admin users
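To show the difference between the display name and the actual address, here is a small added example (not code from the original article). It parses a From: header with the standard library, separates the free-text name from the address, and rates the address's domain against your own organisation's domain. ORG_DOMAIN and every header in the demo are constructed values, not real senders.

```python
# Added example (not part of the original article): read a From: header the
# way the tip above says to, display name and real address separately, and
# compare the address's domain with your own organisation's domain.
from email.utils import parseaddr
from typing import Tuple

ORG_DOMAIN = "example.com"  # assumption: the reader's organisation's mail domain


def split_sender(from_header: str) -> Tuple[str, str, str]:
    """Return (display_name, address, address_domain) for a From: header.

    The display name is free text the sender typed; only the address part
    says anything about where the message claims to come from.
    """
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    return name, addr, domain


def sender_verdict(from_header: str, org_domain: str = ORG_DOMAIN) -> str:
    """Classify the sender's domain relative to the organisation's domain.

    'internal'  - the address is on org_domain (or a subdomain of it)
    'lookalike' - a different domain that contains the organisation's name,
                  a common way to make an address look familiar at a glance
    'external'  - plainly someone else's domain
    'invalid'   - no parsable address at all (e.g. only a name was given)
    """
    _name, _addr, domain = split_sender(from_header)
    if not domain:
        return "invalid"
    org_domain = org_domain.lower()
    if domain == org_domain or domain.endswith("." + org_domain):
        return "internal"
    org_name = org_domain.split(".")[0]
    if org_name in domain:
        return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed headers: a genuine colleague, the same display name on a
    # lookalike domain, a "helpdesk" on a lookalike domain, and a plain
    # external sender. Only the address column tells them apart.
    samples = [
        '"Jane Doe, CEO" <jane.doe@example.com>',
        '"Jane Doe, CEO" <janedoe.ceo@mail.example.net>',
        "IT Helpdesk <support@example-helpdesk.net>",
        "Newsletter <news@vendor.test>",
    ]
    for header in samples:
        name, addr, _domain = split_sender(header)
        print(f"{sender_verdict(header):10} name={name!r:20} address={addr}")
```

The verdict is deliberately based on the address alone: a mail client shows the display name most prominently, which is exactly why it carries no weight here.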
#3 - Double-check any links
Phishers or scammers will often have to divert you to a webpage to steal your information. Trick URLs can be difficult to spot, but remember a few rules:
- What can't be faked is the registered domain: the name immediately before the suffix (.com, .net, .io) together with that suffix. A myaccount.google.com URL is legitimate, because its domain is google.com. google.myaccount.com is not a real Google page; its domain is myaccount.com. Anything to the left of the registered domain is a prefix that whoever owns that domain can set to anything they like. login.banking.chase.com/sgi-bin/login/html would be a safe Chase page; chase.login.banking.com/login would be fake, because the domain there is banking.com. Always look for the expected domain name in the right place in the URL. If it's not there, be very careful.
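The rule above, turned into a small check, as an added example that is not part of the original article: take the host out of the link with the standard library's URL parser (so ports and paths can't distract you), cut it down to the registered domain, and compare that with the brand the message claims to be from. The MULTI_LABEL_SUFFIXES table is an assumption that stands in for the full public suffix list; the sample URLs are the article's own examples plus a couple of constructed variations.

```python
# Added example (not part of the original article): apply the article's rule
# in code. The registered domain is the part that cannot be faked; everything
# to its left is a prefix anyone controlling that domain can make up.
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the public suffix list. Real code should use
# the full list (e.g. the `publicsuffix2` package); this covers the demo cases.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def hostname_of(url: str) -> str:
    """Return the lower-cased host of a URL. A scheme is added if it was
    omitted so urlsplit does not mistake the host for a path."""
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname  # drops port and path, lower-cases the host
    return host or ""


def registered_domain(host: str) -> str:
    """Return the registrable domain: the label just before the public suffix
    plus the suffix itself ('login.banking.chase.com' -> 'chase.com')."""
    labels = host.split(".")
    if len(labels) < 2:
        return host
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(suffix_len + 1):])


def belongs_to(url: str, expected_domain: str) -> bool:
    """True if the link really lands on expected_domain or a subdomain of it."""
    return registered_domain(hostname_of(url)) == expected_domain.lower()


def classify(url: str, expected_domain: str) -> str:
    """One-line verdict showing the host and the domain that actually counts."""
    host = hostname_of(url)
    verdict = "ok" if belongs_to(url, expected_domain) else "SUSPICIOUS"
    return f"{verdict}: host={host} registered domain={registered_domain(host)}"


if __name__ == "__main__":
    # The article's own examples, each checked against the brand it imitates,
    # plus two constructed variations (a port, and a brand used as a prefix).
    for url, brand in [
        ("https://myaccount.google.com", "google.com"),
        ("https://google.myaccount.com", "google.com"),
        ("login.banking.chase.com/sgi-bin/login/html", "chase.com"),
        ("chase.login.banking.com/login", "chase.com"),
        ("https://Accounts.Example.CO.UK:8443/signin", "example.co.uk"),
        ("http://example.com.login.vendor.test/signin", "example.com"),
    ]:
        print(classify(url, brand))
```

Note that the check works from the parsed hostname rather than from whatever text the link displays; the visible link text in an email is as free-form as the sender's display name.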
#4 - Don't trust legitimate appearances
Sometimes spammers will replicate the look and feel of a legitimate email in order to trick users into giving up their credentials. There was a recent scam where an attacker sent emails to many people prompting them to open a document. The link would lead to a real Google sign-in screen, then display an error and redirect to a fake sign-in screen. Always check your links, senders, and URLs, even when the content looks normal. The sender of that spam email was a very obvious fake, but only if you took care to look.
#5 - Beware Attachments
- Attachments are one of the most common ways to deliver an attack to a user's machine. Pay extra attention to .zip, .exe, and .js attachments: .exe and .js files run as programs when you open them, and .zip archives are a common wrapper for them. Make absolutely sure they're from someone you trust before you open them.
- Microsoft Office files are also dangerous. Only enable "Edit mode" in the document if you absolutely have to and fully trust the sender. If a document has a message prompting you to turn on edit mode, it's probably a scam. Also be very wary of enabling macros.
#6 - Verify Permissions of allowed apps
In a more recent and novel attack, users were sent a fake Google docs invitation (from a very suspicious looking sender address!) which led to a legitimate Google authorization page. What was fake was the app asking for authorization. Check out the following image:
Google apps will not ask for separate permissions like this. You can verify this is a fake app by clicking the dropdown menu on the name of the app:
(Note the consumer Gmail address and non-Google domain)
As an aside, it never hurts to check which apps have access to your account on your MyAccount page. While you're there, set up Two-Factor Authentication!
Hopefully these tips help you practice better security and keep your data secure. If you have any questions, please feel free to leave a comment below or file a ticket.