Do NOT click on that email link
Scammers, “hackers”, phishers and evil-doers are all over the Internet these days. Facing security threats is now a routine part of online life and you must learn to protect yourself, or else you are at risk of device sabotage, information theft or worse.
As the title of this post suggests, No, you should NOT click on that email link (or open that attachment).
Today my wife received an email that appeared to come from a friend, which is a common trick that I’m seeing more and more of these days. The malicious sender will blast out emails using the display name of one of your friends, possibly culled from Facebook, a compromised email account or another source. This is called social engineering, as a user is much more likely to trust an email from one of their friends compared to an email coming from some stranger or an unknown email account.
This email contained a link that, once clicked on an Android smartphone, downloads an APK (application installer) to the user’s phone. If installed, this APK would no doubt wreak immense havoc on the phone and most likely steal sensitive information such as usernames and passwords.
Here are a few tips and strategies that you can use to help protect yourself from these types of malicious schemes.
Who is the email REALLY from?
Most people only pay attention to the display name of the sender (eg; Wes Novack) and don’t scrutinize the actual email address. This is a weakness that scammers are trying to exploit with these type of emails. Make sure to look at the real email address behind the display name (eg; firstname.lastname@example.org ). If you don’t recognize the full email address, then it is most likely a scam. Contact the friend who supposedly sent you this email before you open the message or click on any links inside of it.
What is the context?
If you receive an email with a hyperlink in the body of the email, with no explanation text whatsoever, there is a very good chance that this email is malicious. Were you expecting an email from this person? Do NOT click on the link or open the attachment in that email. Contact the friend and/or the email address who supposedly sent you this email and ask them to explain what the link or attachment is before clicking on it.
Do NOT install!
If you happen to click on a link from an email and it asks you to download or install something, do NOT do it! If it automatically downloads something, delete the downloaded file immediately and then empty your recycle bin (if applicable). You should then run a full virus scan on your system.
Do NOT log in!
One of the most common types of malicious email circulating the interwebs these days is the “phishing” scam. These emails contain a link to a website, and that website will APPEAR to be a site that you trust and use often, like Facebook, email, a bank website or another site that you login to regularly. This is almost always a scam. Scammers can replicate the exact look of a website that you trust using a different host name. Pay close attention to the actual URL (website address at the top of your browser) of the site that you are visiting before you divulge login information. With this type of scheme, the scammers will record your login attempts and they will then use the username and password that you voluntarily surrendered for accessing your real account.
You should NEVER log into a website after clicking an email link unless you are 100% sure that the domain name is the correct one.
For Android: Disable Unknown sources
If you have an Android device, go to Settings > Security > and then uncheck the option “Unknown sources”. This is disabled by default, but if it was turned on for some reason, you should turn it off unless you explicitly need it turned on. When turned on, this setting will “Allow installation of apps from sources other than the Play Store”. Keeping this turned off can protect you from accidentally clicking on and installing a malicious APK file that you accidentally downloaded.
Another tip for Android is to keep the Security setting “Verify apps” turned on. This setting will “Disallow or warn before installation of apps that may cause harm”.
A little awareness goes a long way. Be attentive to detail. Scrutinize email addresses and website URL’s. If you think something is fishy, it probably is. Err on the side of caution.
I hope you enjoyed these quick tips and security advice. Surf safely out there!