In the previous articles we have been talking a lot about examples of how you can stay safe and be a security feature yourself. Today however we will be talking a bit more in depth on some of the actual real world issues to look out for.
The most common one of these is the mistaken identity, a lot of criminals prey on people like you and I having an automatic trust relationship with people we know. This means that any kind of message we receive from a friend or family member is usually taken at face value and not checked any further. The issue with this is that it takes little to no effort to mimic a friend or family member, all you need is the profile picture they are using (which can be easily downloaded) and then to change the name of your email profile to match theirs.
The image above could at first glance look like my friend Dan, as it has his profile picture and his name. On closer inspection though, I can see that his email is all wrong, it’s supposed to be “email@example.com”. This is an extreme case though, if the criminal was really smart he could register an email called “firstname.lastname@example.org” and we might miss the extra “n” in the email.
This is actually the most common way to trap anyone into clicking a bad link or downloading a malicious file and it works more often than you’d think, even on IT professionals. This is why it is always important to check if the sender really is who you think they are, before clicking a link or downloading anything, especially if your friends email doesn’t seem like their usual style of writing.
It doesn’t only apply to friends though, another very common issue is criminals masking as government official or a bank and due to the authority they hold, you and I are much more inclined to do as the email instructs. Do keep in mind though, no reputable company or government official will ever ask for your login information or financial information and government officials will most definitely never send you a link to log in on. The reason for this is that so many scams start out with a malicious company registering a domain similar to the bank or government agency like “irs.gov.com” and then abusing this address to make it seem like the government is trying to contact you.
This idea of checking the sender of a piece of information is one of the most crucial steps to stop your computer from getting infected or one of your accounts from getting stolen. But in a few cases you may even get a dangerous message from a trusted source, usually when they have been unlucky enough to trust the wrong message and got infected. So always be on your toes if a friend sends you a message that doesn’t seem quite like them, ask if the meant to send it to you or if it really came from them.