As a working technology teacher, I get hundreds of questions from parents about their home computers, how to do stuff, how to solve problems. Each week, I’ll share one of those with you. They’re always brief and always focused. Enjoy!
Q: I got an email that looks legitimate, but I’m not sure. How do I check?
A: You’re right to take a step back. ‘Phishing’ is an attempt to steal your personal information by posing as a trusted source (a friend, your bank–like that). Kaspersky reports that while spam is declining, accounting for only 66% of email last year, phishing attacks have tripled. Why? Because it works. People think it won’t happen to them, until it does. To clean up after a successful email box invasion can take months, cost thousands of dollars, and give you many sleepless nights.
As a educator, you’ll want to teach students how to protect themselves as soon as they start using open email networks. Here are six suggestions:
- don’t open attachments–especially from strangers. Request that the sender embed it into the message portion of the email so you can preview it. Truthfully, I open lots of attachments, but they’re always expected. When someone I know is sending me an unexpected attachment, I ask them to include a code (something no one would expect, like their initials) in the first line of the email so I know it’s legit.
- don’t click links in emails–especially from strangers. I routinely make exceptions with this if it’s from someone I know and/or an expected email. DO NOT EVER click links from a financial institution no matter how legit it looks. Spammers are very good at spoofing legit financial institution websites, and thus persuading you to enter your highly-private user name and password. Instead, log into your account and enter that way.
- check the email address of the sender. Does it match the name? Does it look representative of the sender (for example, would Wells Fargo use an email address like firstname.lastname@example.org)?
- check for misspellings and misphrasings. More than half of phishing attacks are from Asia which may not be your home country.. That means they aren’t fluent in your native language and make mistakes.
- if you know the sender, does the email sound like their communication style? If not, send them a quick message to ask if they just contacted you.
- if the email passes all of these tests and you’re prepared to click on a link, PAUSE FOR ONE MORE TEST: Hover over the link and see what the address is. If it doesn’t match what the text says or doesn’t look legitimate, don’t click.
Sure, these six steps take time, but they’ll save you not only time, but money, grief, and stress when you avoid a problem.
Jacqui Murray has been teaching K-18 technology for 30 years. She is the editor/author of over a hundred tech ed resources including a K-12 technology curriculum, K-8 keyboard curriculum, K-8 Digital Citizenship curriculum. She is an adjunct professor in tech ed, Master Teacher, webmaster for four blogs, an Amazon Vine Voice, CSTA presentation reviewer, freelance journalist on tech ed topics, contributor to NEA Today, and author of the tech thrillers, To Hunt a Sub and Twenty-four Days. You can find her resources at Structured Learning.