phishing-google-drive-hacked-email-signatureIt starts when you get an email from someone you haven’t emailed in a long time asking if you meant to send them a strange email. Then you get another email like this and then several more. You realize that someone has gained access to your email account and emailed everyone in your contact list.

That is one way a phishing scam can play out. The beginning of the scam was an email sent to you asking for you to log in to your banking, email or some other account. The email provides you with a link to use, which takes you to a knock off copy of the website referenced in the email. The purpose of this website is to collect your login information.

The Way Out

In the above scenario, where strange email was sent from your email account, the first thing to do would be to change your email password. For good measure, go ahead and do a full virus scan on your computer. Next, email your contacts and ask them to not open the email that came from your account. Lastly, report the phishing scam here: https://www.us-cert.gov/report-phishing

Catch a Phishing Scam Before it’s Too Late

First check to see if the email has misspellings or bad grammar. If it does, you’re likely looking at a phishing scam.

Next, check to see where the link will take you. You can do this by placing your mouse over the link in the email. The email could be a phishing scam if the website address revealed:

  • Is a number (like 192.168.1.1)
  • Has misspellings or certain letters replaced with other letters/numbers (such as gmai1.com instead of gmail.com)
  • Looks completely strange (bit.ly/Wn2Xdz)

Prevention

To prevent phishing scams, here are several steps you can take:

  • Use a reputation ratings program or plug-in such as WOT; this tells you how reputable the website you’re visiting is
  • Use Google Chrome as your web browser; it will give you a “Cross-site malware warning” if it sees you’ve ended up at a potentially dangerous website
  • Use two factor authentication for email accounts and other sensitive accounts; this makes it harder for people to break in to those accounts
  • Last but not least, if you receive an email from someone you don’t know, delete it