Cyber Safe Work Security Awareness Poster June 2024

Cyber Security Awareness Poster

Email scams are on the rise. Be an email detective, and learn how to spot these email scams.

Look at the “from” address

There are several ways scammers try to trick you into thinking an email is from someone you trust. An email address can be spoofed, as in it looks like it came from someone you know but it really came from a bad actor. You can usually tell if you hover over the email address with your mouse. Sometimes, scammers create new email addresses that are similar to existing domains. These may be a bit harder to spot.

Inspect the greeting

When we write an email, it is common to use a greeting. Scammers often use greetings that are generic and attempt to create a sense of urgency or familiarity to trick recipients into opening their emails. Some common greetings used by scammers include:

1. Dear [Recipient’s Name]: This is a standard greeting that scammers use to make the email appear more personal. They might obtain your name from publicly available sources or from previous interactions.
2. Hello/Hi [Recipient’s Name]: Similar to “Dear [Recipient’s Name],” this greeting aims to create a personal touch.
3. Attention/Attn: [Recipient’s Name]: This is often used to grab the recipient’s attention, especially in emails pretending to be from official organizations or businesses.
4. Urgent/Important Notice: Scammers may use these words to create a sense of urgency, prompting the recipient to act quickly without thinking.
5. Congratulations: Often used to lure victims into believing they’ve won something or have been selected for a special offer.
6. Dear Friend/Valued Customer: Scammers use these generic greetings to establish a friendly tone, even if they don’t know the recipient personally.
7. Dear Beneficiary: This greeting implies that the recipient is eligible for some sort of benefit or reward, which is often a tactic used in phishing scams.
8. Dear Sir/Madam: Scammers use this when they don’t have specific information about the recipient, trying to appear formal.
9. Greetings: A general greeting that is often followed by a scam message, trying to appear friendly and non-threatening.
10. Happy [Day of the Week]: Scammers sometimes try to create a casual, friendly vibe by wishing the recipient a happy day.

Analyze the URL

When someone advises you to “analyze the URL” in a suspicious email, they’re suggesting you examine the web address (URL) included in any links provided in the email. Here’s what it entails:

1. Check the Domain Name: Look at the domain name in the URL. Scammers often create URLs that resemble legitimate ones but have small variations, like misspellings or extra characters. For example, “paypal.com” could be mimicked as “paypall.com” or “paypal-security.com”.
2. Hover Over the Link: Hover your mouse cursor over the link without clicking it. This action will reveal the actual URL the link will take you to. Make sure it matches the expected destination and doesn’t lead to an unfamiliar or suspicious site.
3. Analyze the Structure: Legitimate URLs usually have a consistent structure. For example, they may start with “https://” for secure websites. Be wary of URLs that contain random strings of characters or seem overly complicated.
4. Look for HTTPS: Secure websites use HTTPS rather than HTTP. Ensure the URL begins with “https://” to indicate a secure connection. However, be aware that scammers can also use HTTPS, so this alone isn’t a guarantee of safety.
5. Be Wary of Shortened URLs: Scammers often use URL shortening services to hide the true destination of links. If you see a shortened URL (like those from bit.ly or tinyurl.com), it’s best to avoid clicking on it unless you trust the sender.
6. Check for Popularity: If it’s a well-known website, check its popularity. If it’s supposed to be from a bank, for example, but the website has very little online presence or negative reviews, it’s likely a scam.
7. Watch for Redirects: Some malicious URLs may redirect you through multiple sites before landing on a final destination. If you see this happening, it’s a red flag.
8. Look for Padlock Icon: On secure websites, there’s usually a padlock icon next to the URL in the browser’s address bar. However, this isn’t foolproof, as scammers can also fake this.

Scrutinize every link

Sometimes, links aren’t as obvious. They can be sent as QR codes or images. Be wary of clicking on anything in a suspicious email. The same can be said for attachments. Don’t open those either.

CourseVector grants permission to use this artwork for any non-commercial purpose as long as the CourseVector contact information remains, as is, on any reproduction or use.