Danger in Disguise
With email as widespread as it is, it is important to recognize the dangers within it, such as malicious links hiding in plain sight.
Phishing can take many forms, especially within emails. These can include malicious attachments that download unwanted programs, viruses, or malware onto a user's system. In addition, these emails can contain links to falsified websites mimicking legitimate websites. These fake websites are a front to steal user information for the creator's own malicious purposes. While these sites and links may look convincing at times, there are different ways to spot a fake website that comes from a link.
Safety Tips to Combat Malicious Links
First, one should check for basic warning signs within a given email. These can include grammatical errors, vague subject lines, or a sense of urgency to reply to the email or click a link within it, any of which could mean the email is fraudulent. Additionally, interacting with emails sent from public domains, such as Google's Gmail domain '@gmail.com', should be done with caution. Larger, legitimate organizations reaching out regarding sensitive information will normally have their own domain ending each email address. An email from a public domain address, such as one ending in '@gmail.com' or '@yahoo.com', that asks for personal information or sensitive data is a clear sign that the email is fraudulent, and no links should be clicked within the message. One exception to this rule would be smaller business operations, as they may not have the need or use for their own domain. If the email address (username and domain) belongs to an expected sender, even if it ends in a public domain, then the email is most likely legitimate.
Next, one should be mindful of the content of the email. Many scams or phishing emails contain suspicious attachments or links within them. Infected attachments are common in phishing scams. An infected attachment is a file attached to an email that seems harmless but contains a malicious program or code such as malware. Safe attachments generally include files ending in '.jpeg', '.jpg', and '.pdf', while unsafe attachments generally include files ending in '.exe' and '.reg'.
Pictured: Two examples of warnings provided by some organizations regarding external senders. As seen, one is a brief warning while the other is a more all-encompassing definition.
It is advised to never open attachments in emails unless it is known who the sender is, with full confidence that they are a legitimate entity. Even in this case, use caution when opening links.
A user's organization may even display a warning when the sender of an email is unable to be verified or is an external entity to the organization managing the user's email. This is mostly seen when using an email address provided by said organization to communicate with an email address outside of it. If communication is being done using a personal email address, there is no organization to warn a user regarding untrusted and external entities.
In addition, it is important to know the identity of who is sending the email and to not fall for tricks associated with identities. While it may appear to be an email from an expected user based on the name that appears, it could be another user imitating this person.
For example, in these images, an email has been received from a man presumably named Elon regarding an extended warranty on a car. However, this may not actually be the sender's identity. To see the email address of who sent the email, one can hover over the name of the sender, which will bring up a menu displaying contact information after a brief moment. When this menu appears, it is discovered that the sender's email address does not match the name seen. It can be concluded that the sender is not truly who they say they are.
Links in emails can also be untrustworthy. While a website address displayed in an email may be that of a legitimate site, it may link to something other than what it says.
Using the same email from "Elon", it is seen that a link to "www.tesla.com" is displayed. However, it may not link to the Tesla website. By hovering over the link with the cursor, the true website it is linked to is revealed. In this case, instead of linking to Tesla's website, the link is to a video on YouTube. This aspect of phishing is quite common in fake emails that want the user to click the link which brings them to an imitation web page or a different website altogether.