Looking in my inbox this morning, I saw what looked like a scam email forward from a friend. To be safe, rather than sorry, I went through my normal safety checks before taking the email seriously. I then realized my friend had NOT done the same. Here is a quick guide on some steps to take to stay safe.
Computer viruses are a real threat. In fact, you are just as likely to get malware from an email forward as a web address linked in an email. The easiest thing to do to avoid threats to your computer own is to stop using Windows and get a Mac or put a Linux distribution, like Ubuntu, on your computer. However, neither of these are 100% virus proof.
On top of this, Macs are expensive compared to their cheaper PC counterparts and learning a new operating system (Mac or Linux) can be time consuming. The best way to avoid email threats all together is to get educated. Emails forwarded from friends, or worse strangers, are not the best way or time to learn about email threats.
There are two different common threats: 1. a forward from a friend and 2. an email from a “trusted” company.
Lets first look at an email from a friend, the one in my inbox today. Normally these will say some thing like “There is a virus that was discovered today that McAfee (or Norton, or Microsoft, etc) says is a real threat!” Mine was regarding a Hallmark e-mail “virus.”
To combat this situation, the best course of action would be to go to the legitimate website, Hallmark or McAfee, or a trusted site that has information on the proposed virus, in this case a Hallmark greeting card scam. But before we do, lets take a look at some obvious problems found in this email.
1.“This virus was discovered by McAfee yesterday”
If it was just discovered yesterday, how did it get to you so quickly? Better yet, how did your friend, the one that sent it to you, find out about it? Likely via a forward. This means no one knows how old the information is. It could have been real threat 5 years ago and no longer an issue. This is reminiscent of the email forwards asking for donations to help people – likely children. Some of these emails have been out in the wild so long the “child” should now be an adult with his/her own children.
2.What is the website linked in the email?
Do not click the link to find out, right click on the link and copy the web address. By pasting the address in Google you can learn more without going to the Web site. Don’t click on the links Google spits out at you. Just read the results. Many times you will see what people have to say about the site in the results. If they are a legitimate website, go to the site from Google and try to find the information stated originally in the email.
For the email in the example above, the site is http://www.snopes.com/ and Google says: “The definitive Internet reference source for urban legends, folklore, myths, rumors, and misinformation.” While this seems like an okay website (I actually like Snopes), if information had been from McAfee, the link should have lead to that company’s site.
After finding some clues, keep digging. The website in the link may or may not be reliable, but who is? On this topic, Ask.com has said,
“Try not to confuse hoax warnings with the real thing. Bogus virus alerts often contain links to websites which, at first glance, may seem to confirm the authenticity of the message, but which in fact discuss a completely different matter.” (http://urbanlegends.about.com/library/bl_postcard_virus.htm)
If the greeting is from a friend and you are still worried it is a virus, just call them and they will tell you if they send the email/e-card or not. Bottom line, any email warning you of a scam is just as likely to be a scam, so be careful!
This time the email was safe, but a call to my friend confirmed they blindly sent it out to everyone on their email list.
The other type of email scam is called phishing. This is when an email pretends to be from a known company, like McAfee, e-bay, your bank, etc. When you click on their link it will take you to a dummy site that may look just like the real deal. However, on closer inspection, the web address will look wrong, common words may be misspelled etc.
Rather than click on the link, just go to the company’s Web site on your own. Log in there. You can tell the real site as when you log in it will be secure, like your bank’s log in page. If you look at the URL (the web address at the top of the page) you’ll see “https;//” before the www.mybank.com/. the “s” means the page is secure, and that costs money. Forgeries will not pay for that security. They just hope and expect you not to notice.
Remember, if you are not sure, use Google to see if others are talking about a scam. If you are still not sure call a friend in IT to find out for sure. Slow can mean safer, quick action could lead to quicksand, so be careful!