Scam Alert: Let’s Learn About Phishing Attacks


Blog graphic that emphasizes "Scams are here" with a screenshot of a Facebook phishing message.

Many people you know have been hacked or scammed online before. But surely they just clicked something they obviously weren’t supposed to, right? Well, hackers are getting smarter and smarter by the day. Do you know what to look for in online scams? How can you protect yourself from getting hacked? How can you ensure your information won’t get leaked and you won’t lose your personal social media or your business pages? One of our clients recently received a message that initially looked a bit scary. However, we were instantly able to tell that this was a phishing attack attempt. There was nothing to worry about regarding the functionality of the webpage, other than what would have potentially occurred if they’d clicked the link!

View a screenshot of the message below along with other examples of email scams that we have seen recently. Then, let’s talk about how we knew this was a scam, or a phishing attempt. Also, let’s learn what you can do to add extra security measures to your account.

1: Facebook Phishing Attempt
2: Phishing Email Sender & Recipient List
3: Phishing Email Body

Dissecting the Facebook Message

Fellow tech nerds will see a message like the one in the first image and know that it isn’t legitimate. But if you aren’t very tech savvy, how would you be able to know for sure? What about it should stick out first? Let’s find out.

Besides not knowing who the sender is, the first thing you will want to look at is the link within the message. Do not click on it! We want you to look at the details within the link, specifically the api.vc.ru part. The .ru ending is Russia's country-code domain, which means the domain is Russian. Just as important, the link does not point to a Facebook domain at all. According to security professionals at KnowBe4, .ru domains are run by hosting providers that keep malicious domains running by ignoring reports made against them. This creates the perfect environment for a cybercriminal!

Besides the details of the link, you can also keep an eye out for typos, broken English, weird fonts, or bolded text. Facebook will also never direct message you, or email you, demanding anything.
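The link check described above can be done without ever opening the link. The following is an added example, not part of the original post: it pulls every link out of a message and reports which hostname each one really leads to. The list of expected domains, the sample text and the paths are assumptions made for illustration; only the api.vc.ru host comes from the screenshot.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains a genuine Facebook link would use.
EXPECTED_DOMAINS = {"facebook.com", "fb.com"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def link_host(url):
    """Return the lower-cased hostname a browser would actually connect to."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def is_expected(host):
    """True only if host is an expected domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def review_links(message):
    """Return (url, host, verdict) for every link found in the message text."""
    results = []
    for url in URL_RE.findall(message):
        host = link_host(url)
        verdict = "expected" if is_expected(host) else "suspicious"
        results.append((url, host, verdict))
    return results

# Constructed sample text; the last two links show that a familiar name
# appearing anywhere other than the end of the hostname proves nothing.
SAMPLE = (
    "Your page has been scheduled for deletion. Confirm here: "
    "https://api.vc.ru/constructed-path "
    "Help center: https://www.facebook.com/help "
    "Appeal: https://facebook.com@api.vc.ru/constructed-path "
    "Status: https://facebook.com.api.vc.ru/constructed-path"
)

if __name__ == "__main__":
    for url, host, verdict in review_links(SAMPLE):
        print(f"{verdict:10} {host:26} {url}")
```

The part of a link that matters is the end of the hostname, just before the first single slash; everything else can be made to say anything.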

Dissecting the Email

Pictures 2 and 3 up above are from an email that one of our own team members recently received. Again, as tech nerds, we can easily figure out that this isn’t an email to be legitimately concerned about. Our first tell? We don’t recognize the sender name at all. Looking even closer, the name says “Deirdre Anderson” but the actual email address has “Courtney” and “Marilyn Q” in it! Also, we are not familiar with the key 4 tomorrow domain.

Another big clue that this is a spam email is that the guest list, or recipient list, is so large that it wouldn’t even show everyone. Why would they send an email about a specific transaction on PayPal, with a transaction ID and authorization code, to that many people at once? Because it’s fake, that’s why. They couldn’t even take the time to pretend to address everyone properly (see picture 3 where it just says, “Dear __,”)!
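The three tells from this email (a display name that does not match the address, an oversized recipient list, and an unfilled greeting) can be checked mechanically. The following is an added example, not part of the original post, using Python's standard email parser. The recipient threshold, every address and the sample message are assumptions made for illustration; only the display name and the “Dear __,” greeting come from the screenshots.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

MAX_RECIPIENTS = 10  # Assumption: a transaction receipt addresses one person.

def name_matches_address(display_name, address):
    """True if any word of the display name appears in the address local part."""
    local = address.split("@", 1)[0].lower()
    words = [w for w in re.findall(r"[a-z]+", display_name.lower()) if len(w) > 2]
    return any(w in local for w in words)

def phishing_tells(raw_email):
    """Return the tells from the article that this raw message triggers."""
    msg = message_from_string(raw_email, policy=policy.default)
    tells = []
    senders = getaddresses([msg.get("From", "")])
    name, addr = senders[0] if senders else ("", "")
    if name and not name_matches_address(name, addr):
        tells.append("display name does not match sender address")
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > MAX_RECIPIENTS:
        tells.append(f"{len(recipients)} recipients on a personal notice")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Matches "Dear __," and "Dear ," as well as "Dear customer,".
    if re.search(r"^Dear\s*(_+|customer|user)?\s*,", text, re.I | re.M):
        tells.append("generic or unfilled greeting")
    return tells

# Constructed sample message; all addresses and domains are placeholders.
SAMPLE = (
    'From: "Deirdre Anderson" <courtney.marilynq@sender.example>\n'
    "To: " + ", ".join(f"user{i}@example.com" for i in range(40)) + "\n"
    "Subject: Your transaction receipt\n"
    "\n"
    "Dear __,\n"
    "Your payment has been authorized.\n"
)

if __name__ == "__main__":
    for tell in phishing_tells(SAMPLE):
        print("-", tell)
```

None of these checks proves a message is malicious on its own; together they are a reason to treat it as spam and not act on it.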

Staying Smart & Secure Online

Scammers pretend to have authority over your accounts all the time. Whether they go through fake Facebook accounts, such as the one who sent our client that message above, or they actually pretend to be someone from Facebook themselves, you can never be too careful. Facebook, and all other social media platforms, have plenty of guides and resources available if you think you are undergoing a phishing attack. Whether it is for your personal account or if you run a business page, you can send all reports for situations like these on Facebook to phish@fb.com. For more information on what to look out for, and other pathways for reporting, visit this support page.

When it comes to your email, most of these types of messages should be automatically filtered to your spam inbox. If they start to make their way through to your primary inbox, just report them as spam and delete them. If you are concerned about the security of your inbox, especially the one you use for your business, we have the tools and resources to help you.

What To Do If It’s Too Late

If you’ve received a phishing message before and have already clicked on any suspicious links, don’t give up on regaining control of your accounts! As a business, starting a new social media page and regaining traction with all of your followers can be daunting to think about. If your login details were changed, file a report with Facebook and explain what happened. It may take some time, but typically, you should be able to get your page back.

If you have clicked a phishing link before and still have access to your account, you need to act fast to regain full control and protect your information. Change your password ASAP, not just on social media or your email provider but also anywhere else that you are using a similar password. Add multifactor authentication, or two-step verification. This will connect the account to your phone number or a YubiKey to add an extra layer of security. Lastly, if possible, go into your settings and look at your login settings and/or active devices. If you don’t recognize any of the devices that are currently logged into your account, log them out.

Don’t Let The Next Phishing Attack Get to You

Just because you curbed one phishing attack doesn’t mean it won’t happen to you again! As we mentioned earlier, hackers are getting smarter and smarter by the day. When in doubt, slow down and look at the finer details of the messages you receive. Do you recognize who is sending you the message? Does the text make sense or even pertain to you at all? If you ever need help deciphering a message, do not hesitate to reach out to our team for assistance. We take online security very seriously, for ourselves as well as our clients!
