The subject of internet scamming and hacking is dry, technical and boring but if you use the internet on a daily basis you should have basic knowledge about how you can be tricked. All it takes is one little mess-up and your life can be literally screwed. Seriously, skip a youtube video or drama and spend some time really reading this article. It could save you from a major life disaster.
Fishing
A scammer tries to trick you into giving up your login credentials (username/password).
Usually a Fishing attempt starts when you recieve an email. This email can be an official email from Amazon, your bank, your friend, etc. I might have tricked you right there. Did you see how I said "official"? The first thing you must realize is that anybody can say anything on the internet. 1st I said "official" and then I said "Amazon", "your friend", etc.; this means nothing! If a scammer/hacker has gotten hold of your email address they can literally write anything, create any graphic to make it look real. It's very easy to do.
Rule #1 - never open an email if you don't know who it's from. This is the "standard" rule that we have heard for many years but unfortunately this rule is not a good rule. A.) It's very easy for a scammer/hacker to create a Title and Subject that seems legit and B.) What if an old friend is trying to contact you or a new "real" business contact? If you use an online email service like Protonmail, GMail, Yahoo Mail, Outlook, etc. you can open any email without worrying about it doing bad things. Just by opening an email using an online service will do nothing. However, If you use a local email program running on your own computer like Mircosoft Oulook, Thunderbird or Mailspring... there IS a chance that just by opening the email something evil could effect your system. For this reason I always advise my clients to use online email services.
Rule #2 - never, NEVER click a link that is in the content of an email sent to you unless you are absolutely sure the source of the email is from a trusted person. Even if you trust the sender... their email might have been hacked and a hacker is sending you an email from their account! Sorry to confuse and be so wary but this is the reality of the internet. As mentioned earlier, scammers and hackers will say or do anything to try to trick you into giving up your information.
Rule #3 - If you do accidentally click or purposely click a link within an email because you have confidence the link is ok, never, NEVER enter your username/password that presents itself on the page that opens from the link. This is the classic "Fishing" scam, that form is the hook and if you enter your username/password... you have been caught and will be totally screwed over.
If you do enter your username/password into a scammers form, your username/password will be captured by a database. The hacker will use that info to log into the site you thought was real and immediately change your password so you can't get back in. Then they will attempt to log into every other type of online service like your bank accounts, all social media accounts, etc. with the same username/password combo and if they get in (because your username/password is the same for all accounts), will once again change all the passwords. Then from your accounts they send fake emails, messages, posts to all your friends with more scamming tactics to get info from them. Of course they try to get your credit card number, transfer money from your back accounts... oh boy, it's hell! Furthermore, they will sell your username/password to other scammers and hackers to whomever wants to buy it.
Take a look at the real fishing email I recieved below. REMEMBER, scammer/hackers can easily create graphics, text, buttons, etc. that look like the real company. Note that emails can come from any type of source not just businesses. It might say, "US Government" or "Hi Julie" (using your name) and the subject might be "pics from our trip".
#1 Title - Amazon.co.jp, Subject is: "Your account has been closed". Looks like a real email. Even I, a veteran coding genius would click on this email to see what's up. However, I would be suspect right off the bat because the title is a bit weird... why would Amazon "all-of-a-sudden" close my account?
#2 Content - The content is in Japanese but it's perfect Japanese just like it might be perfect English without any mistakes. It sounds totally legit but you must remember, scammers and hackers can say anything! There is a nice little yellow button there you can "please click" to fix things.
#3 From - The 1st real sign this email is from a scammer/hacker. the "from" email is from "noreply@youtube.com". Now... why would Amazon be using a youtube.com email address? This guy is actually not a very good hacker, it's very blatant. A good hacker would use an email address like, "service@amazons-help-desk.com" Even though this email look just a little legit (because it has "amazon" in it), it's still a fake email.
#4 Link - The 2nd real sign this email is from a scammer/hacker. Don't Click a link (unless as stated above you have high confidence in trusting the sender). However, you can "hover" over a link and by doing this you can see the target URL of the link. You'll notice this "Official Amazon" button links to "https://1xpt5w755pwb6k4.blogspot.com". LOL, what the heck it that! Once again, not a very good hacker. Many people won't glance at the link and will just nonchalantly click (sorry for them). However, a good hacker would once again use a tricky link like "https://amazone.com/user/help". You'll notice it's not "amazon" but rather "amazone".
So, what if a real company is really trying to contact me through email?
The #1 best solution is to pick up the phone and call the official company, especially if it's something major. However, this can be a hassle and or not an option so what you should do is go to their official site by opening a new window and log in through their official homepage. It's a simple thing to do and protects you from fishing scams. Most major sites these days have a "user account" area where you communicate with the site staff. If they don't have a communication area and or you don't see anything pertaining to the email you received, you can always contact them through their contact methods in the back-end area.
There are rare times when a real site requires you to verify through email
If you forgot your password or are trying to set up a new account, most sites require you to verify through email. This is very dangerous but there is no way to get around it. When you receive a verification email here is how you handle it to make sure it's real:
- Have the official website's homepage open in a separate window.
- Look at the address bar and memorize the EXACT root domain name. For Example: if it's Amazon it will be "amazon.com" or if it's Facebook it will be "facebook.com".
- Check the reply email. The reply email should reply to the official website. An email from Amazon would be something like "help-desk@amazon.com" notice how the name/text after the "@" sign is exactly the same as the official Domain name. Depending on the size of the company, these can alter slightly and it can be tricky.
- Hover over the link the email supplies and see where the target URL goes to. Once you hover over a link, most browsers will pop-up a little box in the lower left corner showing you where the link goes to. If the link goes to the official domain (make sure the name/text is exactly the same as the official site), it's a pretty sure safe bet that it's a real and good link. However, good hackers are great at creating fake and "close to" links like "faccebook.com" (two c's) or "ammazon.com" (two m's) so be careful and check the spelling.
