My wife Kathy received a phishing e-mail today that is very convincing, especially for older computer users.
Everything about this message is correct on the surface, down to the address and phone numbers listed in small print. Three things, all of them subtle, point to this being a phishing scam:
- Neither the person to whom the e-mail is addressed nor the alleged deceased friend is named. E-mails that are generic like this should always be considered suspect.
- The user is asked to click on a link to get more information. Hovering the mouse pointer over the link without clicking reveals that it does NOT point to the funeral home’s website.
- Finally, the sender’s e-mail is email@example.com. Addresses ending in .ru are hosted in Russia, which is one of the top sources of malware infections in the world. Unfortunately, not all e-mail clients are configured to show this, and a lot of users would only see “Clearwater & Largo Memorial Funeral Home,” not the actual address behind it.
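The three signs above can also be checked mechanically. The following Python sketch is an added example, not part of the original message or of any mail product: the sample e-mail, its names and its domains are constructed, and it assumes you already know the organization's real domain (here the made-up `funeralhome.example`).

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not the e-mail from this post); names and domains are made up.
SAMPLE = """\
From: "Example Memorial Funeral Home" <notice@mailer.invalid>
Content-Type: text/html; charset="utf-8"

<p>Dear friend,</p>
<p>For details, <a href="http://203.0.113.7/info.php">visit www.funeralhome.example</a>.</p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_matches(host, expected):
    return bool(host) and (host == expected or host.endswith("." + expected))

def check_message(raw, expected_domain):
    """Return one warning per sign described above: sender, greeting, links."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    display, addr = parseaddr(str(msg["From"]))  # display name vs. real address
    if not host_matches(addr.rpartition("@")[2].lower(), expected_domain):
        warnings.append(f"sender: '{display}' is really {addr}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if re.search(r"dear\s+(friend|customer|sir|madam|user)\b", body, re.I):
        warnings.append("greeting: generic salutation, recipient not named")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:  # what the link says vs. where it goes
        if not host_matches(urlsplit(href).hostname, expected_domain):
            warnings.append(f"link: '{text}' points to {href}")
    return warnings
```

An empty result only means none of these three signs were found; a message sent from a compromised but genuine account would pass all three checks.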
In today’s digital world, users need to approach e-mail messages from the standpoint of “it’s a scam until proven otherwise.” Even seemingly legitimate messages from people you have in your address book can be scams if one of those people has a compromised computer system. When in doubt, don’t click on any embedded links or open any attachments until you have verified through other means that they are legitimate.
The criminals who send out phishing e-mails such as this one are always researching new methods and designs to make them appear more legitimate and convincing. Security and antivirus software are all fine and good, but educating yourself on the methods they use and staying informed on the latest threats is your best defense against their tactics. As a colleague of mine says regarding keeping computers secure, “You have to be right 100% of the time. They only have to be right once.”