I’m sure at times you think, “Wow–they said it AGAIN. Think before you click. We get it already!!”. But do you? Do you still look at your emails to confirm they’re coming from someone you know. Are you checking the email address it came from to ensure it’s legitimate? Do you hover the links to be sure it is a secured page? If not, how do you know it is not a malicious email?
We say these things, not to be redundant, but because it’s easy to get lazy. It’s easy to assume that email or attachment is safe, until your computer is infected.
Could it be a malicious email?
As an example, I recently went to the Dominican Republic. We purchased a disk with all of our excursion photos on it; however, when we got home we realized we got pictures of a random couple instead of ours. We contacted the travel agent and booking agent from the excursion company. A few days later, I received an email from a random person stating they found our pictures and would be emailing them to me. A few moments later, I receive an email with 72 images attached, along with a message stating they would be deleted in a week. Being skeptical, I emailed the two people I was corresponding with. They did some checking, and confirmed that “Jimmy” was legitimate. So I downloaded the photos, and they were free of any malware.
The Red Flags
Although this example was not a malware attack, it very easily could’ve been. Here are the red flags that I noticed within the email:
- Unknown sender
- Sense of urgency – As you recall, it stated the pictures would be deleted within a week.
- Incorrect grammar – Although a red flag, it was minor. The people I was communicating with, even before this issue, were difficult to understand at times due to English simply not being their first language.
Another thing that came to mind was the recent Gmail hacks that have been taking place. My thought was,
“What if a hacker got into my email, read through my inbox and realized I was waiting for pictures. It would be very simply for them to create a fake email, add a ton of attachments riddled with malware and infect my computer.”
It sounds like I am paranoid, but considering I write about these things daily and work for a computer security company, it would be rather ironic if I was the next victim. Taking the extra steps to confirm the email and attachments were legitimate were most certainly worth it.
As mentioned earlier, it is easy to get lazy or simply be caught off guard and click on the wrong thing. Recently, an experiment was featured on Today regarding one’s ability to determine a good email from a malicious one. The results are pretty interesting. Watch the video here.