Don’t Fall for These Email Subject Lines

By ISBuzz Team
Writer, Information Security Buzz | Mar 11, 2015 05:06 pm PST

By now, emails with malicious links or attachments are not a new trick. Hackers have perfected the devious art of crafting email headlines that recipients are likely to open, read and click so that they can steal information or infect their computers. While many consumers are wise to the presence of these ploys, even the savviest of people can still be lured into one of these traps. Here’s a look at the most commonly used subject lines that result in opened malicious emails, along with some precautions you can take to make sure you don’t end up as the next victim.

Subjects Matter

Just as marketers regularly refresh and polish the email subjects they use to get prospects interested, hackers also pay special attention to their subject lines. After all, these words are what can get them in your door. Here are the five subject lines most frequently used as bait in email scams:

1. Invitation to connect on LinkedIn

2. Mail delivery failed: returning message to sender

3. Dear <insert bank name here> Customer

4. Communication important

5. Undelivered Mail Returned to Sender

As you can see, all of these imply some sort of familiarity or prior communication. You’re more likely to click on something that seems to be coming from a trustworthy source, or at least a company you have been in contact with before. So how do you know whether any of these are legitimate? One way is by looking at the email address from which it was sent. If it’s a valid company, you’ll see a recognizable email address. And just to double-check, you can go to the company’s website to verify this is a real email address used by the company.

Another method is to hover your mouse over the links within the email. Be careful not to click them, but by hovering over them, you’ll see the full link. Again, if it’s a valid source, the URL should be one from the company. If it’s malicious, you’ll likely see a very long, complex and nonsensical address instead. That’s a big red flag.
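The sender and link checks described above can be automated. The following is an added example, not code from the original article: it flags the five bait subjects, a From domain that is not the expected company's, and any link whose host falls outside that domain, comparing hosts rather than judging how a link looks. The names `review`, `same_org` and `expected_domain` and the sample message are constructed for illustration, and the code assumes a single-part HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The five bait subjects listed in the article, as one case-insensitive pattern.
BAIT = re.compile(r"invitation to connect on linkedin|mail delivery failed"
                  r"|dear .+ customer|communication important"
                  r"|undelivered mail returned to sender", re.I)

class LinkCollector(HTMLParser):
    """Collects every <a href>, which is what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def same_org(host, domain):  # True if host is the domain or a subdomain of it
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def review(raw, expected_domain):
    """Findings for a single-part HTML message claiming to be from expected_domain."""
    msg = message_from_string(raw)
    findings = []
    if BAIT.search(msg.get("Subject", "")):
        findings.append("bait-subject")
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not same_org(sender, expected_domain):
        findings.append("sender-mismatch:" + sender)
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname or ""
        if not same_org(host, expected_domain):
            findings.append("link-mismatch:" + host)
    return findings

# Constructed sample; example.com and example.net are placeholder domains.
SAMPLE = """\
From: "Example Bank" <alerts@example.net>
Subject: Dear Example Bank Customer
Content-Type: text/html

<p><a href="http://example.com.login.example.net/verify">Sign in at example.com</a></p>
"""
```

Calling `review(SAMPLE, "example.com")` returns all three findings: the link's host begins with the company's name but actually belongs to a different domain, which a quick glance at the link text would miss.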

PC World offers a few ways to detect malicious emails here.

Take Action

Beyond doing what you can to vet the email’s sender and embedded links, there are further steps you can take to insulate yourself. First of all, learn as much as you can about email protection and network security tools. A solid resource on this topic is, which offers a bevy of information about protecting yourself. Secondly, if you do come across something that appears to be malicious, it’s important you report it. You want to save other people from getting dragged into these scams, and lessen the chance they will continue to spread. You can report spam, phishing and malicious links to Safe browsing or Internet Explorer. Lastly, it’s always worthwhile to research anti-virus protection and make sure your computer is up to date in this area so it’s fortified, should an infection strike.

When it comes to keeping yourself and your data safe from the hands of hackers, education is of utmost importance. Get familiar with the most common tactics used, and understand what your best course of action is if you ever accidentally open something you shouldn’t have. By acquainting yourself with the most widespread schemes, you’ll know what to be on the lookout for. Be sure not to delay in taking action, or in doing your part to stop hackers in their tracks. Your security and privacy depend on it.


By Rebecca Hasulak | @BecksChristine

Rebecca Hasulak is a prolific writer and dangerous dreamer. She sharpened her skill with the written word while she was an Associate Editor of a beauty and pop culture magazine, and further during her time as a Public Relations Executive. Rebecca now writes and delivers PR services under her business Quotable PR, and is happiest when with her daughter and loved ones. Follow her @BecksChristine.