Corinne Borgner 8/9/22 12:30 PM 7 min read

Protect Yourself from Phishing Email Scams!


Hackers are constantly finding new ways to get into your account and take advantage of you, but there are ways to protect yourself from one of the most common attacks: Phishing Emails.

Phishing Emails are one of the most common hacking scams.

Phishing emails can allow hackers to corrupt data, access important information, and generally wreak havoc. A phishing email is meant to look real. Hackers are very creative and can make it look like you’ve received an email from a site where you have important information stored so that they can gain access to that information in an attempt to steal your identity. These emails are made to look like they come from members of an organization you belong to, companies you have services with, security warnings from commonly used applications, etc.

Recently, we at GGMS have seen an email going out to our clients supposedly from Facebook. We have identified this email as a phishing scam, and we want to provide ways for our clients to identify these emails so their important information can be kept safe.

This particular email is not from a facebook.com or meta.com email address, and the ‘reply to’ email address is also unrelated to Facebook or their parent company, Meta. In addition, the text contains some very hard-to-find spelling and grammatical mistakes that a panicked reader skimming this alarming email for information could easily miss.

Be on the lookout for phishing emails by following our tips below!

Ways to Spot a Phishing Email

There are ways to look out for these suspicious emails, and it is important to be on the lookout for these things, even for emails that may seem legitimate. 

  1. An Unfamiliar Tone or Greeting
    • If someone you know is emailing you using a nickname you didn’t tell them, be suspicious. You’ll know when something doesn’t sound right, and you can keep looking for other signs that this email is fake.
  2. Grammar and Spelling Errors
    • Hackers don’t use spellcheck. They also may not be native English speakers and may not know the proper grammar that companies generally use in professional marketing and security alert emails. Be alert for other clues, such as a spelling or grammatical error!
  3. Inconsistencies in Email Addresses, Links & Domain Names
    • If a link or email address within an email does not use the domain you would expect, chances are the email is NOT from the company it claims to be from.
    • For example, all Facebook URLs will include either ‘facebook.com’ or ‘meta.com’ somewhere in the beginning after ‘www’. Anything else is fake and could be dangerous.
  4. Threats or a Sense of Urgency
    • Hackers love to create fear as a tactic to gain access to your information because they know you’ll do what it takes to protect that information. They are preying on the fact that you’ll see something urgent and not read carefully through the email looking for clues that it is a phishing attack. Be very careful not to provide information until you’re sure the threat is real.
  5. Suspicious Attachments
    • Even if an attachment looks harmless, it could contain a virus used to infiltrate your computer and cause issues or steal information. A quick way to verify an attachment is to contact the sender directly to verify they intended to send you the file. Even then, the attachment can still be unsafe, so it would be a great idea to use anti-virus software to scan the attachment.
  6. Unusual Requests, which may include Credentials, Payment Information, or Other Personal Details
    • Never click a link to provide your credentials, payment information, or any other personal information. The best way to approach a request for information is to verify directly with the company listed in the email. For example:
      1. If you didn’t click a “forgot password” link on a site and received an email asking you to reset your password, go directly to your browser and type in the URL of the site making the request.
      2. If your bank sent you a “secure message” that requires your credentials to view the message, type the bank’s URL into your browser before going to your secure message inbox to view the message.
      3. If a company you pay for services with asks for payment information, and the link seems suspicious, log in to the site using the URL you’re familiar with to update your payment type. 
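
The address and link checks from tip 3, written out as a short Python script. This is an added example, not part of the original GGMS post: the sample message and its .example addresses are constructed, and the function names are illustrative. It is slightly stricter than the tip, requiring the host to be the expected domain or a subdomain of it rather than merely containing it.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains the article names for genuine Facebook mail and links.
EXPECTED = {"facebook.com", "meta.com"}

# Constructed sample message (not the real email); .example hosts are placeholders.
SAMPLE = """\
From: "Facebook Security" <security@facebook-alerts.example>
Reply-To: help@mailbox.example
Subject: Your account will be disabled
Content-Type: text/plain

Confirm your account: https://www.facebook.com.verify-login.example/confirm
Help center: https://www.facebook.com/help
"""

def host_is_expected(host, expected=EXPECTED):
    """True only if host is an expected domain or a subdomain of one.
    Merely containing 'facebook.com' somewhere is not enough."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected)

def check_message(raw, expected=EXPECTED):
    """Return a list of mismatches in From, Reply-To and link hosts."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        if msg.get(header) is None:
            continue
        address = parseaddr(msg[header])[1]
        domain = address.rpartition("@")[2]
        if not host_is_expected(domain, expected):
            findings.append(f"{header} domain is {domain}")
    for part in msg.walk():                      # covers multipart mail too
        if part.get_content_maintype() != "text":
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", text):
            host = urlsplit(url).hostname
            if not host_is_expected(host, expected):
                findings.append(f"link points to {host}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARNING:", finding)
```

A message that passes these checks is not proven genuine, because the From header itself can be forged; a mismatch is simply a strong sign to stop and verify with the company directly.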

Ways to Protect your Email and Other Important Accounts

Secure Your Password

The first layer of protection for all your accounts is your password. Ensure you’re creating a secure password that is not easily guessed by following these guidelines:

DO NOT DO THIS

  • DO NOT use a family member or pet name in your password.
  • DO NOT use your favorite team or celebrity name that is easily noticeable from your social media account posts.
  • DO NOT use a childhood nickname or home address/city that can be found online.
  • DO NOT use a birthday, anniversary, or other easily identifiable calendar dates.
  • DO NOT store any passwords in a place that a hacker can easily access (e.g. email, cloud drives like iCloud or Google Drive, or social media).

DO THIS

  • DO choose a password with both letters and numbers, and if possible special characters as well (for example, you could use one of the following: @ # $ % ! &)
  • DO choose a password that scrambles something easily remembered into a mix of characters that won’t make sense to anyone but yourself. (Please review but do not use the example below.)
    • Example: Password123 would become: 3P@$$2w0rd1
  • DO use a randomized password generator to create a password that even you won’t remember.
  • DO find a password manager app that can generate and store passwords securely.
    • Free Password Manager App Examples:
      • 1Password
      • True Key by McAfee
    • Paid Password Manager App Examples:
      • Norton Password Manager
      • Microsoft Authenticator

Change Your Passwords Frequently

Just setting a secure password isn’t enough. For critical accounts like your social media, banking, email, etc., you’ll need to update your passwords every 3-6 months. This may seem excessive and tedious, but it is the duration of time recommended by internet security experts.

This is because while you may have a secure password, a site that stores your passwords may be compromised from time to time. If this is the case, the hackers may try to access your important accounts via this compromised account. To avoid this, change your passwords frequently.

2FA Security

Another way to ensure your accounts are secure is to enable the 2FA security features on any account where this is available. 2FA stands for Two-Factor Authentication (also known as dual authentication or two-step verification). It is a way to ensure the person logging into an account is the owner of that account. In simple terms, you provide two different authentication factors to verify yourself on an account.

The first authentication factor is called a knowledge factor: something the user knows, like your login credentials (username and password).

The second authentication factor can be several different factors, but possession and biometrics are the most common. The possession factor is something a user has that is used to gain access to an account, such as an ID card, a cellphone, a mobile device, or a smartphone app to approve authentication requests. Biometric factors are facial recognition (like Face ID) or fingerprint readers.

Facebook, Google, Microsoft, and other large platforms have 2FA in their settings sections and provide easy-to-follow instructions for setting up this security feature. Once you have set up your secondary authentication factor, your password alone will not be enough for a hacker to gain access to your account. This makes it harder for them to reach the information within your account, information that could otherwise lead to other accounts being compromised.

Link a Recovery Email

For some important accounts, you may also be able to provide a second email address in case your primary email address is compromised. It will allow you to verify your identity through your secondary email address, similar to 2FA.

For example, if your Gmail is compromised and a hacker has changed your password, Google would send an email to the backup email address and you would follow the instructions to recover your primary email account.

Always be alert!

There is no way to avoid receiving these phishing emails, but there are certainly many ways to protect yourself from falling into the trap and having your information stolen from you. If you have any questions about a suspicious email regarding GGMS or related services, you can always reach out to us at support@ggms.com for help!


Corinne Borgner

Team Leader, Onboarding