
Phishy business this week


Welcome to another Tidy (and Busy) Tuesday.

I've been bouncing between too many projects and tasks for the last many days, and I don't have something novel for you all this week.

However, I have noticed a weird uptick in scam emails landing in my inbox lately, and that reminded me of one of the topics we covered in Tidy '24 during Security Month: phishing.

I thought, why not pass along that content as a refresher for anyone who's been around since last July, as well as everyone who's joined since? So, here we are.

To start, here are my 3 Most Important Anti-Phishing Rules:

  1. Always verify information with the source using independent and outgoing communication methods.
  2. Never let fear or urgency drive your reaction to an unexpected email or call.
  3. Watch out for anything that doesn’t pass the sniff test.

What does the "sniff test" mean? These are some of the most telling signs:

  1. 🚩 A "from" address that doesn’t match the supposed merchant.
  2. 🚩 Spelling, punctuation, and other grammatical errors in the subject or message body.
  3. 🚩 A prominent invitation to call a phone number to cancel or obtain a refund.
  4. 🚩 A very short message with a PDF attachment.
  5. 🚩 Liberal use of different fonts, colors, and styles (especially red).

Scammers try to catch you off-guard and either scare or entice you into doing something--usually handing over information--that you wouldn't under normal circumstances. If you can stay calm and rational when you encounter something unexpected, you can spot 98% of the scams that head your way.

For more explanation about these rules and red flags, check out the original Tidy '24 post for Security Week 5 - Phishing.

Interestingly, since spam/scam emails continuously evolve to get around automated filters, I have noticed some shifts since I wrote that article a year ago. I don't get nearly as many PDF attachments anymore. But I also get a lot more messages supposedly offering deeply discounted or free products or shopping club memberships from places like Costco.

Speak of the devil...another Costco one came in literally as I was typing the previous sentence. Go figure.

With this slight change of tactics, I'd add a new telling sign to the sniff test:

  6. 🚩 An unsolicited offer of something at an unbelievable price.

These scams still get our attention and make us drop our guard if they look like they're from a reputable brand we know and like. Especially if it's for something we might actually want. Keep an eye out for these!
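For anyone who likes to see the sniff test as logic, here is an added example (not from the original Tidy '24 post) that checks a message for flags 1, 3, 4, and 6 using Python's standard `email` library. The brand-to-domain table, the 30-word threshold, the offer wording, and the sample messages are all constructed assumptions; flags 2 and 5 need a human eye and are left out.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: brands you actually deal with and the domain they send from.
KNOWN_BRANDS = {"costco": "costco.com"}
PHONE = re.compile(r"\b\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}\b")
REFUND = re.compile(r"\b(cancel|refund)\b", re.I)
OFFER = re.compile(r"\bfree\b|\b\d{2,3}\s?% off\b", re.I)  # crude stand-in for flag 6
SHORT_BODY_WORDS = 30  # assumption: what counts as "a very short message"

def sniff_test(msg):
    """Return the red-flag numbers from the list above that this message trips."""
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []
    # Flag 1: the display name claims a brand, but the address is from elsewhere.
    for brand, legit in KNOWN_BRANDS.items():
        if brand in display.lower() and domain != legit and not domain.endswith("." + legit):
            flags.append(1)
            break
    # Flag 3: a phone number offered alongside "cancel" or "refund".
    if PHONE.search(text) and REFUND.search(text):
        flags.append(3)
    # Flag 4: very short message carrying a PDF attachment.
    has_pdf = any(p.get_content_type() == "application/pdf" for p in msg.iter_attachments())
    if has_pdf and len(body.split()) < SHORT_BODY_WORDS:
        flags.append(4)
    # Flag 6: offer language; whether it was unsolicited is still your call.
    if OFFER.search(text):
        flags.append(6)
    return flags

def sample(sender, subject, body, pdf=False):
    """Build a constructed test message (not a real email)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    if pdf:
        m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                         subtype="pdf", filename="invoice.pdf")
    return m

if __name__ == "__main__":
    scam = sample("Costco Rewards <winner@cheap-offers.example>",
                  "Your FREE Costco membership", "Claim your free membership today.")
    print(sniff_test(scam))  # [1, 6]
```

A clean result only means none of these four checks fired, so Rule 1 (verify with the source) still applies.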

How's your phishing detection these days? Do you feel pretty confident in your ability to spot a scam, or are you frequently worried about clicking the wrong link? If the latter, check out the blog post for some info that might give you more tools to use in the battle against scammers.

Until next week, happy data-taming!