HOW CAN I TELL IF AN EMAIL IS REAL OR A SCAM (OR HARMFUL)?

Monday 07 Aug 2017 01 am

Today's case study is brought to you from the pretend GoVia email we received at Smartm8.

Today I opened my inbox to an email that nearly got me.

It had been a busy morning and I was a little less on the ball than normal. I am sharing this as a wake-up call for everyone to see how easy it is for even the best of us to get caught. It can happen to ANYONE.

We wanted to share a few tips to help you avoid the very same scenario.


Check the domain name from the sender (often it is similar but not identical)

At a quick glance, when you are not paying attention, you may miss this. In this example you can see the email is actually coming from goviau instead of govia.com.au.


Hover your mouse to check the website address before clicking

If you hover your mouse over any link, you will see a preview of the website address it is going to take you to. A legitimate email will take you to the website you would logically expect. Spam and virus emails will take you to a complex link that often has nothing to do with the company directly.

In this example, whilst "SharePoint" is a legitimate Microsoft service that companies use, it is highly unlikely GoVia would use a SharePoint site to deliver their invoices, particularly an unsecured guest access link that contradicts the requirement for sign-in. When you click on the link, your browser begins downloading statement.zip immediately.


At this point you may have downloaded, or be about to download, the virus onto your computer, but you are not infected until you open and/or run the attachment. Once you run the file, the virus will have infected your computer and will likely begin encrypting your files and compromising your security and privacy.


Tips

  1. Don’t get complacent; be vigilant.
  2. Check the sender email address carefully.
    1. Does the email address match the sender’s domain?
    2. Do I usually get emails like this from this sender?
  3. Read the email carefully.
  4. Check the link before you click it. Does this sender normally include links like this?
  5. If you are not 100% convinced it is real, visit the company website directly and log in like you normally would, rather than via the link in the email.
  6. If something downloads, was it expected? Did you expect to be taken to a website with a login instead?
  7. If there’s an attachment, be wary. Companies do not commonly send invoices as ZIP attachments; they are usually PDFs.
  8. If you try to open an attachment but it tries to execute a program instead, you’ll usually be prompted with a warning. Read pop-up warnings carefully.
  9. If in doubt, STOP and contact your computer support technician.
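
The sender-domain, link and download checks from the tips above can also be automated. The following is an added Python example, not part of the original article; the trusted-domain list, the 0.8 similarity threshold, the file-extension list and the sample message are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"govia.com.au"}   # assumption: domains you normally get mail from
RISKY_EXT = (".zip", ".exe", ".js", ".scr")   # assumption: downloads worth a pause

def sender_domain(from_header):
    # Use the address itself; the display name can say anything.
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def is_under(host, domain):
    return host == domain or host.endswith("." + domain)

def lookalike_of(domain, trusted=TRUSTED, threshold=0.8):
    """Return the trusted domain that `domain` resembles, or None."""
    if any(is_under(domain, t) for t in trusted):
        return None                      # it really is the trusted domain
    for t in sorted(trusted):
        brand = t.split(".")[0]          # "govia" from "govia.com.au"
        for label in domain.split("."):
            if SequenceMatcher(None, label, brand).ratio() >= threshold:
                return t
    return None

def review(from_header, links, trusted=TRUSTED):
    """Return a list of plain-language warnings for one email."""
    findings = []
    dom = sender_domain(from_header)
    imitated = lookalike_of(dom, trusted)
    if imitated:
        findings.append(f"sender domain {dom} resembles {imitated} but is not it")
    elif not any(is_under(dom, t) for t in trusted):
        findings.append(f"sender domain {dom} is not one you normally hear from")
    for link in links:
        url = urlparse(link)
        host = url.hostname or ""
        if not any(is_under(host, t) for t in trusted):
            findings.append(f"link goes to {host}, not the sender's own site")
        if url.path.lower().endswith(RISKY_EXT):
            findings.append(f"link downloads {url.path.rsplit('/', 1)[-1]}")
    return findings

if __name__ == "__main__":
    # Constructed sample modelled on the case above; not the real message.
    for warning in review("GoVia <accounts@goviau.example>",
                          ["https://files.sharepoint.example/guest/statement.zip"]):
        print("WARNING:", warning)
```

An empty result only means none of these three checks fired; the remaining tips still apply.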