E5C4CCAA-06BE-6365-0ED668761D20D82E
01B00623-09BB-C72B-7BF48BA5C4E55764

Your Package Has Arrived?

By Ryan Coyle

November 19, 2014


With the holidays fast approaching, it’s also time to be aware that the bad guys are out there in full force too.  As is usual for this time of year, people are shopping online, trying to avoid the bad weather and get the best deals.  The bad guys know this and are taking steps to separate you from your money. This leads to a big uptick in phishing emails purporting to be from Amazon and Ebay.

The bad guys know that people are doing a lot of online shopping over the holidays and are more apt to try and sneak emails through that are from these companies.  The big areas to be aware of are emails from these companies that contain attachments.  Emails with attachments should always perk up your phishing sense, especially if you aren’t expecting them.  The bad guys have success with these types of emails because people trust these companies and generally the bad guys have refined crafting emails from them that look official.  Popular hosting provider AppRiver has already quarantined hundreds of thousands of emails purporting to be from Amazon and Ebay, all bearing malicious packages.

So how do you spot these fake emails and keep yourself safe?

  • If it has an attachment, do what Elsa does and “Let it go”.

    Both Amazon and Ebay will never send you an email with an attachment.  They know better.  If you have a legitimate transaction pending with one of these companies, go right to the site itself and log into your account.  You should be able to view your entire transaction history there.  Whatever you do, do not click on any links in the email itself, as those will also most likely contain malicious code.
  • Check the from field

    While the email itself may say that it comes from Amazon or Ebay, hovering over the address will reveal the real sender.  You’ll want to verify that the sending address has the appropriate domain at the end, meaning that something from Amazon came from something@amazon.com and not susieq@hotmail.com.  Ebay and Paypal have a nice feature which integrates with Gmail in that if the email came from them, it will have a key-shaped icon next to the sending address.  Look for that key to know if it came from Ebay or Paypal.  Amazon does not have anything like this at the time of this article.
     
  • Grammar and formatting

    Always a telltale sign of a phishing email will be bad grammar and/or oddball formatting.  The good news is that the errors are usually glaringly obvious.  Also, watch out for emails that have really bad spacing and formatting.  Amazon and Ebay have professional copywriters working for them on their correspondence.  Logos and such should be properly sized and spaced, and not look like they’ve been cut and pasted from Google.

So these are good ways to help spot a fake phishing email, but what happens when the unthinkable occurs?  If you’re like me, you get a lot of email.  Sometimes if your brain is on cruise control and you’re worrying about a dozen other things and mindlessly clicking through your email, you might not have your Captain Email Safety hat on.  Oops, you definitely click on a link that you probably shouldn’t have.  What do you do then?

  • Don’t panic

    Don’t yank the power cable out of your machine, don’t throw your phone or laptop out the window.
  • Tell someone

    It’s a common misperception that if your computer doesn’t immediately start acting weird or spontaneously combust that whatever you did was harmless.  This couldn’t be further from the truth.  According to a recent report from Google security, accounts that are compromised are often accessed within 30 minutes of the breach.  The moral here is that just because nothing immediately happened, doesn’t mean you’re in the clear.  If you suspect that you clicked on something you shouldn’t have, tell someone.  Have a professional check it out and help you.  If its your Hamilton machine and account, call the Help Desk.  If its your personal machine, contact the appropriate channel for whichever account was phished (Amazon for your Amazon account, etc).
  • Run a virus scan

    If you clicked on an attachment and installed something you think you shouldn’t have, a good first step is to run a virus scan on your machine.
  • Change your password

    A necessary evil but an important first step.  If you think your account credentials have been compromised, change your login credentials before the bad guys do.  Once the bad guys get ahold of your account, the first thing they’ll do is change the password so that you can’t get back in.  Beat them to the game to help alleviate any damage that can be done.
  • Change the password everywhere else you might use that password

    Once the bad guys get ahold of a compromised account and change the password on it, the next thing they’ll do will be to start taking those credentials and see where they work elsewhere.  Is it a giant pain to do?  Absolutely. This is one reason why you don’t want to recycle your passwords for different sites.

Hopefully these tips help and you can have a safe and happy holiday shopping season!



All Entries

Help us provide an accessible education, offer innovative resources and programs, and foster intellectual exploration.

Make a Gift

Site Search

Menu