One skill it's very important to have under your belt these days is being able to identify an email that isn't genuine. Even the best spam detection services aren't 100% accurate, so you can never assume that any given email is legitimate.
Google have launched a quick quiz to test your abilitiy to identify a dodgy email. Once you've answered each one, it will explain why you are right or wrong. It's well worth taking the time to give this a go:
https://phishingquiz.withgoogle.com/
Email will always be a popular method of attack for anyone with nefarious intent. Given most machines keep themselves up to date these days, it will be increasingly difficult for an attacker to use bugs in the operating system to try and compromise a machine. This means that means that you are the weakest point of defence between the attacker and your machine. Therefore they will try every trick in the book to get you to click a dodgy link that lets them into your device or provide them with login details that they can use to get into your email or important accounts (eg banking).
Generally, these emails are easy to spot. They're often badly written, which is usually a giveaway. The recent spate of "We've been spying on your webcam" emails that we're still seeing plenty of are a good example of this.
Sometimes, they can be a lot more targeted. "Whaling" spam often purports to be from a colleague requesting that money is transferred. We've covered this variant in detail in a previous blog.
You even need to be a little cautious with email that appears to be from a trusted source. While rare, we have seen examples of someone's email getting hacked mid conversation and the attacker picking up the conversation in the hope of getting money or details.
Whenever you receive any email, you should be asking yourself
- Am I expecting this email?
- If not, do I know the person that sent it? Does it read like previous emails they've sent?
- If I don't know the person that sent it (or even I do), are they asking for anything out of the ordinary?
- If there's nothing odd about the request. have they included any attachments or links? If I hover over any links before clicking, are they going to genuine websites? If there's an attachment, why have they sent it?
There's no need to be overly paranoid, but a couple of seconds spent analysing what you've been sent can save a lot of time trying to fix the problem later!