Recently a co-worker of mine brought me a copy of an email message he had supposedly received from his bank. The email claimed that his account had some recent irregular activity. Apparently someone had tried to access his account from a different “ISP host”. The email went on to claim that he should confirm his account information by clicking on the links below. My co-worker brought me the email because he was unable to follow the links and, knowing that I was good with computers, he wanted to know if I could “fix” the problem so he could verify his account information.
I took a look at the email and immediately felt like something was not right. First of all, banks, internet providers, investment brokers, etc. do not typically ask you to verify your information via the internet, especially by clicking a link in an email. Secondly, an ISP is an internet service provider; typically, when someone speaks of an attempted attack, they say an unknown IP (internet protocol) address, not an internet service provider. My immediate reaction was that this was a phishing attempt.
I quickly did a search and discovered I was right. This was an attempt by someone to steal this person’s personal account information. The fact that he couldn’t open the link probably saved him a lot of money and trouble. I told my co-worker that the email was a fake and that someone was trying to steal his information. I confirmed with him that he had never entered any information about his account. I then told him to call his bank’s fraud department, and I suggested he change his password just to be safe. Problem solved, but then I began to think about how awful this could have turned out if he had been able to follow that link. He could have lost money or had his identity stolen, all because he didn’t know some basic internet safety.
As a geek, I spend a lot of my free time researching internet security issues, network security issues and digital forensic techniques. Now, as you probably know if you read my “about” page, I don’t necessarily work in the information technology field; this is strictly a hobby. Hey, I told you I was a geek, what did you expect? Anyway, since I follow these topics pretty closely, I know the dos and don’ts of the internet and unfortunately take for granted that others are less informed than me.
Let’s go over some simple things you can do to protect yourself. First, if you get an email from someone asking for any type of personal information (user IDs, passwords, Social Security numbers, etc.), question the email’s validity. It doesn’t matter who the email is from; my co-worker’s email had a return address that looked real, and even the IP address was right. It’s not hard for a professional criminal to spoof (fake) an email address. Second, if you get an email from someone asking you to verify your information, don’t click through the email. Instead, open your web browser, go to the website yourself and log in as normal. If it’s a website you don’t normally go to and you have forgotten the address, call customer service. Just never click through your email. Thirdly, if you think an email seems like it could be a fake, or you just have a funny feeling about it, don’t shrug it off. Trust your instincts; being a little paranoid can go a long way in protecting your information.
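The checks above can also be applied mechanically. The following is an added example, not part of the original post: it goes a little beyond the text by also comparing where each link really points with the domain the message claims to come from. The sample message, its addresses and the function name `triage` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the e-mail from the post); all names are placeholders.
SAMPLE = """\
From: "Example Bank" <security@examplebank.example>
Subject: Irregular account activity
Content-Type: text/html; charset="utf-8"

<p>Someone tried to access your account from a different ISP host.
Please confirm your user ID and password by clicking
<a href="http://203.0.113.7/login">https://www.examplebank.example/</a>.</p>
"""

# Kinds of personal information the post says should make you question a message.
SENSITIVE = re.compile(r"user\s*id|password|social security|account (information|number)", re.I)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part sample; multipart handling is out of scope
    # The From header is only text and can be spoofed; it is used here
    # solely as the identity the message *claims*, never as proof.
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    warnings = []
    asked = sorted({m.group(0).lower() for m in SENSITIVE.finditer(body)})
    if asked:
        warnings.append("asks for: " + ", ".join(asked))
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host and host != claimed and not host.endswith("." + claimed):
            warnings.append("link goes to " + host + ", not " + claimed)
    return warnings

if __name__ == "__main__":
    for w in triage(SAMPLE):
        print("WARNING:", w)
```

An empty result does not mean a message is safe; it only means none of these particular warning signs were found.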
The best and easiest way to confirm your fears about an email is Google. That’s right, Google; a Google search is a great tool to find out about other fake emails. That’s what I did with my co-worker. Remember that “ISP host”? Well, it was a long series of numbers and letters that was supposedly the “ISP host” number, so I typed that number into Google and searched. There it was, that exact combination of numbers and letters, found at Spam Daily News, a website devoted to publishing spam attempts. When I clicked on the link, there was the email message word for word, except the name of the bank had changed. That’s how I knew this email was a fake.
So next time you check your email, be sure to apply these safe email habits. Make them part of your email checking routine and they will go a long way toward protecting your personal information online.
Wednesday, May 23, 2007