According to research from security awareness training platform KnowBe4, referring to COVID-19 and payroll matters are more likely than any other to ensnare users in phishing attacks right now.
These phishing emails — as well as others claiming to be from social media platforms, banking institutions and other trusted sources — allow cybercriminals to gain access to unsuspecting users’ computers or steal personal data, such as passwords or credit card information. They often claim the user needs to update an account or confirm personal information or include links that, when clicked, open a computer up to malware.
Phishing attacks can lead to financial loss for victims and put their private information at risk. To avoid becoming a victim, follow the advice of cybersecurity experts.
In a staff at Atlas VPN, a VPN proxy service, said users should watch for the following red flags in phishing emails:
• Urgent call to action or threats: Emails that create a false sense of urgency by pressuring users to immediately click a link or open an attachment are suspicious, especially if they promise a reward or threaten a penalty.
• Dubious links: Check if the link provided in the email is safe to click on by hovering the cursor over the link — this should reveal the real web address you will be directed to after clicking the link. Because the text in emailed hyperlinks can be disguised to appear trustworthy, never open a link until you’ve checked to see where it actually goes.
• Spelling and grammar mistakes: Obvious spelling or grammatical errors are the telltale signature of scammers. Professional companies usually take steps to ensure clients receive polished and professionally written content.
• Mismatched or misspelled email domains: If the email claims to be from one company but is sent from a domain that doesn’t match the company’s name, it’s likely a phishing email. You can look for the domain after the “@” in an email address. For example, a scammer might claim to write on behalf of Facebook while using a Yahoo.com or Gmail.com email address. Also, watch out for misspellings in the domain name.
Alan Regnier is a cyber security and IT consultant and owner of DNA Systems, a computer repair company in Toronto. He warns dangerous hyperlinks that open a computer up to attack can also be hidden in unexpected places in emails, including in text that doesn’t appear to be a link.
“Even images themselves have embedded links,” he said, adding that users should avoid clicking on anything in a suspicious email.
If you do receive a suspicious email, for example one claiming to be from the Canada Revenue Agency, Regnier said to contact the organization named in the email directly using their official contact information – not the number or email address listed in the email – to confirm whether they sent the email.
“I’ve spoken to the Canada Revenue Agency about this, and the best thing people can do if they receive a suspicious call or email is to ignore it and reach out to CRA directly,” he said. “And always make sure it’s on a secure network or secure website.”
Finally, Regnier said anyone who opens a suspicious link in an email should shut their computer off immediately and contact a trusted IT company.
“All it takes is one click,” he said.
