Unfortunately, while sliding our minds into self-driving mode has its advantages (for example, it lets us multitask better), it’s also a risk-strewn practice.
It’s risky because it can distract us from scrutinizing incoming emails for telltale signs of a phishing attack.
And unless you’re paying attention, you may mindlessly open baited emails and then hook-line-and-sinker download their malware-laced attachments or click on their lethal links.
That’s why you have to turn off your brain’s autonomous control mechanism when perusing emails.
With yourself back behind the mental wheel (and your psychological hands firmly gripping it at the 10 o’clock and 2 o’clock positions), you’ll be more likely to spot these indicators of phishyness.
1. Requests for confidential personal or financial information. My personal favorite is the one where the sender sheepishly confesses to having lost my Social Security number and would I please be a sport by “resupplying” it.
2. Unusual “from” or URL addresses. A real email from, say, your bank might have an address along the lines of “[email protected]” as opposed to “yourbank_customer[email protected]” or “[email protected]/LOL_sucker.”
3. Attachments and links. Never download or click these without first confirming by phone to a trusted number in your Rolodex or via a reply to a known-valid email address that the purported sender actually did, in fact, send the email in question (tournament-level phishermen know how to counterfeit with stunning accuracy the appearance of emails from your family, friends, colleagues, and companies with which you do business).
4. Misspellings and poor grammar. Emails containing language gaffes are rarely sent by legitimate businesses and government entities. Cybercrooks, however, are far more eager to con you than to impress you with eloquence or dictionary skills.
