Have you ever heard of the saying “curiosity kills the cat”? Well, it applies here.
We all have this innate thing – it is called itchy fingers. It’s that need to just do something, touch something, press something, click something. Doubtful? Well, let me just Google that for you:
If you have an itchy finger or itchy fingers, you have a strong desire to do or get something, especially something that other people think is wrong or dangerous.
Well, one thing certain when it comes to cyber crime is that your email is the most effective way for criminals to deliver malware to an unsuspecting victim. And increasingly, text-based threats are rising as more people do more on mobile devices. Because why? Itchy fingers! See, now you are getting the hang of it!
But remember, if you are even a little bit suspicious of a text message or email – do not click it. Let me repeat that. DO NOT CLICK IT. Immediately delete.
So the question is: should you click or not click?
Verify to clarify
If you receive an email or text message requesting you to confirm or submit financial information, your login information, or any other sensitive personal information by clicking a link, don’t. Immediately contact the organization (not via the contact information contained in the email) to verify the request. You can also visit the company’s legitimate website and log into your account to see if you have any messages or action items.
When in doubt, throw it out
Links in email, tweets, texts, posts, social media messages and online advertising are an easy way for cyber criminals to get to you. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Essentially, don’t trust links.
Remember what you learned about not accepting candy from strangers? Apply that to the online world as well. Do not click links in emails, text messages, chat boxes, etc. from people you do not know--and be suspicious of links sent from those you know as well.
Read the email or text critically
Is the sender asking you to do something they wouldn’t normally ask you to do, such as bypass your company policy? Does it seem weird the credit card company is asking you to verify your credit card number or SSN? (yes--they have that information already). Are there misspelled words or unusual phrases? Is there a sense of urgency--requesting you click now or act immediately? These are often context clues in the body of the email or text hinting that something is not right.
Unsubscribe might subscribe you to a hack
Sometimes the call to action in an email can trick you--such as “unsubscribe” or “reply to stop receiving these messages.” It is better to just delete the email or mark it as spam if it is spam.
So here are some tricks on how to decipher if the email/ link is legitimate or not
Configure your email account settings so that they display the sender’s email address and not just their display name
This will help you verify the sender’s email address is legitimate (for instance email@example.com (correct) vs. firstname.lastname@example.org (incorrect)-- notice the one simple change of removing the hyphen?
Enable plug-in assistance
There are some plug-ins you can use in your internet browser that will display a URL’s true path. You might consider enabling that security feature in your internet browser’s security settings.
Hover to determine link’s destination
You can put your cursor on top of the link (be careful not to click!). When you do that, the true path will appear. Does the destination of the link align with what you would think? If it doesn’t look legitimate, do not click. Immediately delete the email.
Take note of Shortened URLs
Often, hackers will use shortened URLS to make a malicious link appear safe to click. If you receive a short URL, there are free online tools where you can copy and paste the short URL into the tool and it’ll expose the true path. Be careful with this, though. You don’t want to accidentally click the URL. If you are afraid of copying and pasting, just delete the email or text message with the shortened URL and go to the company’s main site itself to access whatever deal or event you’re trying to access.
Have anti-malware and antivirus installed on all devices
You can even install it on your phone. This will add an extra layer of protection, though it won’t replace you needing to be cautious and vigilant.