For the love of God, stop clicking on shady emails already
I know, I know. By now, we all pretty much know better than to click on links in sketchy-looking emails. Except, obviously, we don’t.
That was more than evident last week when a phishing scam that spoofed Google Docs invites began spreading like wildfire.
The phishing emails were slightly more convincing than some phishing attempts but they weren’t really that good. As we pointed out at the time, looking at the email address details for about 10 seconds should have quickly raised a whole lot of red flags. That so many people were willing to blindly click on something so easily shows an astounding lack of common sense. We can all do better.
Most importantly, as Wired astutely pointed out last week: one of the most important things you can do to protect yourself (and the rest of your address book) is to resist the urge to click on everything that shows up in your inbox. Look, I get it. Curiosity kills. You get an email saying someone you know has shared something with you, your first instinct is to see what it is! We’ve all been there.
But just stop it already. Please, for the love of God, take a few seconds to think before you click.
Is the email from someone you communicate with regularly? If not, give it a hard look before you touch anything. Look carefully at the sender information: was it sent by them directly to you? Are there other addresses you don’t recognize? What about the subject line: does it sound like something they’d write? All of these are easily detectable red flags that take only a few seconds to check.
Look at the body of the email. While scammers are getting more sophisticated at copying parts of popular services, they rarely get it completely right. Instead they rely on getting it just close enough to fool people not paying attention. Don’t be one of those people.
In the case of the Google Docs scam, they spoofed the “open in docs” button but little else of what actual Google Docs invites are supposed to look like. And if you’re not sure what these are supposed to look like, it’s easily revealed by a simple Google search.
Next, what is the email actually asking you to do? Is it directing you to another site that immediately asks for login credentials? Is it just a link and no text? More red flags.
Here’s a good rule of thumb: when in doubt, assume every odd-looking email is suspicious and delete often. Paranoid? Maybe, but better to be paranoid than hacked.