Email – Don’t Trust It!

The Golden Rules of Using Email

I received a panicked call last evening from a friend who I consider to be above average when it comes to technical prowess.  She said she received an email from her bank that her online account was compromised.  She frantically started relating a story about her friend whose identity was stolen and what a nightmare it was and how terrible this is going to be if she needs to go through all this terrible stuff….!

I interrupted her stream of consciousness tirade and calmly asked if she had received a call from her bank, or just an email.  She had only received an email.  Hmmm.  I asked her to forward the email to me and told her to take a few deep breaths.

Indeed, when I saw the email it became apparent it was a phishing email designed to freak out the recipient, and then have them click on a link to “log in” to his or her “account”.  When you click the link you go to the bad guys’ website, and when you try to log in they capture the user name and password you entered on their website.  Then they go to the real bank website, login and drain your account.

There were several items that tipped me off this was a phishing email.  Even though the email address was “spoofed” and it looked like it was truly coming from her bank, when I hovered my mouse over the “login” link in the email I immediately saw the link was not taking you to the bank website.  The link was designed to fool someone who didn’t know what they were looking at, so I have placed two examples below to give you a little quiz.

If your bank’s main website is located at www.mybank.com, which of these login links should be valid?

Example 1:
www.mybank.money.com/login.aspx

Example 2:
www.money.mybank.com/login.aspx

If you chose Example 2, you are correct!  Whatever comes immediately before the .com, .net, .us, .biz, .WHATEVER is the actual web address.  So in Example 1, you were actually going to a sub-domain of money.com.  In Example 2, you were going to a sub-domain of mybank.com, which is where you really wanted to go.

Confused?  That’s okay, because I’m going to give you  a foolproof way to never get duped by one of these emails: Never, ever click on a link in an email to go to an account login screen.  Especially for something as senstive as your bank account! Instead, type the web address into your web browser, and then go to the login screen from there.  Luckily my friend called me first before clicking the link and trying to log into her bank account.

Online security and website security are important to keeping the web a safe place to do business.  Educate yourself and make sure your computers, networks, servers and websites are all kept up to date with the latest security patches.