Security Awareness - How to Spot Spoofed Emails and URLs

Security Awareness Training has migrated from a "nice to have" security function within an organization, to now, a "must have." In fact, more quickly than ever, companies of all sizes and industries are integrating security awareness training into their required learning for all employees. It's now a matter of simply being irresponsible if your organization doesn't have a course.One of the more common features in a security awareness training course is the process of identifying spoofed emails as well as spoofed URL's/domains.Although the Internet is full of many wonders, it’s also a minefield of danger for your personal information and your computer’s security. Spoofed website addresses can lead you to dangerous websites that can steal your financial information or harm your computer with malware.Your email inbox is not immune to this danger. Learning how to identify spoofed emails and links is one of the best ways to protect yourself, and your organization, from prime threats.Poor Spelling and GrammarIf you think that you’re on your bank’s website, but the text is full of spelling errors, be wary. Legitimate companies work hard to proofread their websites. Companies also spend extra time proofreading emails before they send them to thousands of customers. The occasional minor spelling error is not uncommon, but an email or website rife with spelling errors and bad grammar should raise suspicions.Unexpected Email AttachmentsEmail attachments can be used to transfer all types of digital files, including pictures from your aunt or manuals for electronic gadgets. However, attachments are also used by hackers to distribute harmful files. When you receive an email with an attachment, don’t open it immediately, especially if the attachment is an application or archive. Major companies and government agencies typically don’t send attachments; these organizations are aware of the dangers of attachments and don’t want to scare you away from reading necessary information. Unless you’re absolutely certain that you can trust the sender, you should avoid downloading any attachments.Missing LogosWebsites and emails from companies almost always include familiar logos. If you usually see a logo in emails from a particular company and notice that the email only shows text where the logo used to be, the email may be bogus. However, know that sophisticated hackers are capable of stealing a logo to use in their emails and websites.Sudden Request for Personal InformationIf you receive an email out of the blue asking for personal information, think twice before replying or clicking on a link in the email. If you don’t remember initializing any online contact that would result in such a request, it’s safe to ignore it. Major companies are unlikely to solicit information from you through email. Any company that you do business with already has the personal information that they need from you, so they don’t need you to send it to them again. If you’re suspicious about an email asking for sensitive information, you should call or email the company directly.Generic Email Subject or GreetingIf a company wants to get in touch with you through email, they are likely to use your name instead of a generic greeting. Hackers, however, want to send their emails to as many people as possible, and they'll use a generic greeting that they can copy and paste into new emails. In addition, legitimate emails usually include specific subject titles instead of a simple one-word subject, such as “Message.”Suspicious Links in EmailsBefore you click on a link in an email, hover over the link with your mouse for clues to help you determine if it's a legitimate link. For example, if an email claims to be from a company that you are familiar with but the address clearly points to another website, don’t click on it. You can also use this trick to hover over the sender in the email. If the sender claims to be a government agency but the email address doesn’t match, the email is probably an attempt to get you to give away information or download a harmful file.Incorrect URLPaying attention to the URL on the top of your browser is one way to look for a spoofed website. Most spoofed links take you to a URL that is similar to an existing website but may feature a few small differences, such as an extra hyphen in the domain. If the URL looks strange to you, use a search engine to look up a company’s real website address before you input any sensitive data.Amazing OffersIf you receive an email or end up on a website that is promising you a reward that is too amazing to be true, back away immediately. Common examples of these scams include offers to give you money if you click on a link or help with a bank transfer. These emails and websites are designed to steal your personal information and your money.

---

Although there are hidden dangers online, learning how to identify common signs of spoofed emails and links can help you stay safe from malware and loss of data. Always use common sense when opening emails or visiting a new website for the first time. If anything looks suspicious, you should avoid clicking on any links.