Fool me once....
The origins of April Fools’ Day are unclear. Opinions range from a possible mention in Chaucer’s “The Canterbury Tales”, way back in 1392, to a 1508 French poem, or a particularly strong rib tickler in 1698 when a number of people were tricked into visiting the Tower of London to see lions being washed. There were no lions. That was the joke. No? Me neither…
Whatever the etymology of April Fools’ Day, it’s become a staple of office wits and annoying fathers throughout the land. It also brings to mind the more nefarious methods people use to fool us these days, with cyber-based tomfoolery replacing the traditional “go and find me a left-handed screwdriver” line from previous decades.
With that in mind, I thought it would be the right time to look into some of the methods used to fool us, starting with general email phishing.
If you are anything like me, or like anyone else on the planet that has an email address, you’ll get many of these a day. There are many pieces of software out there that will do their best to filter these from your inbox, but the odd one will unfortunately wriggle through.
So, what do you have to look out for to uncover if this is actually a wonderful ‘20% off deckchairs at Costco’ offer, or a simple way to remove you from your hard-earned cash, without the deckchairs in return?
- How “attached” are you to your money - Think about all the times you received an email from a business that was legitimate, that you weren’t expecting. Did they ever have an attachment like a zip file or an Excel spreadsheet in them? No, of course they didn’t. Unless you are expecting an email with an attachment, please don’t open it. Therein, monsters dwell. As does a huge amount of pain.
- Not in my name - If I receive an email into my rapidly expanding inbox and the opening gambit refers to me as “Customer”, “valued client”, “Mr”, or anything else similar, it’s not going to get very far. It’s either dodgy, or just a circular that I’m not interested in anyway. Want to email me? Get to know me. Call me Steve. I’ll read your email then. I’ll also answer to “Big Man”, “Handsome” and “Princess Unicorn”. Just an FYI.
- How apalling is the speling - I accept that the odd spelling mistake can sneak through on communications. However, if you are sending a professional communication, you generally double check it for grammar, spelling and punctuation before it goes out. Phishing emails generally contain errors in all these for what could be a couple of reasons. One, maybe the email is not being written in the first language of the author. I know if I had to write an email in Mandarin, it may contain the odd mistake. And reason two is more likely, in that if someone is gullible enough to respond to a badly worded email, they are more likely to fall for a further scam.
- Reading carefully - Unsure about the well-crafted and well-punctuated email you see before you? Hover your mouse over the sender’s email address to see which domain it is really from. If the email says it’s from Tesco and the email address that pops up when you hover says [email protected], I’d not be opening it. Also be very careful of letter mimicking. A website called www.barnsbuilt.co.uk could easily look like www.bamsbuilt.co.uk if you aren’t looking closely enough.
- You don’t know me man - Legitimate companies will never ever ever ever ever ask you for sensitive information via email. No passwords, credit card numbers, full addresses, etc. They may email you and ask you to leave your email application and open their website independently, or direct you to their third party app, but if you get an email asking you to click a link to change your password, or log on to Office365, don’t do it.
- Dollars to donuts - Who doesn’t love getting an email saying they are due a $500 tax refund, or a $750 payment from their bank after they’ve been overcharged? Sounds like a Friday night to remember and a Saturday morning to forget to me. Except, I don’t get paid in Dollars. Mr Tax Man doesn’t use them, neither does my bank. So no, I’m not going to click here to confirm my refund, as you’ll just put something nasty on my hard drive. And there’s enough nasty on there already without your help.
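As an added example (not part of the original post), several of the checks in the list above can be sketched as a small mail-triage function: it folds look-alike letter pairs so that bamsbuilt.co.uk is matched against a known-good barnsbuilt.co.uk, and flags an unexpected attachment, a generic greeting and an amount in the wrong currency. The trusted-domain list, greeting words, file extensions and sample message are assumptions constructed for the illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed for illustration: trusted domains, greeting words, risky extensions.
TRUSTED = {"barnsbuilt.co.uk"}
GENERIC = re.compile(r"^\s*(dear|hello|hi)\s+(valued\s+)?(customer|client|mr)\b", re.I | re.M)
RISKY_EXT = (".zip", ".xls", ".xlsx", ".xlsm")
FOLDS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # look-alike pairs

def skeleton(domain):
    """Fold look-alike sequences so 'barns' and 'bams' compare equal."""
    for seq, repl in FOLDS:
        domain = domain.replace(seq, repl)
    return domain

def lookalike_of(domain):
    """Return the trusted domain that a lowercase `domain` imitates, or None."""
    fakes = (t for t in TRUSTED if t != domain and skeleton(t) == skeleton(domain))
    return next(fakes, None)

def triage(raw, home_currency="£"):
    """List the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    findings, body = [], ""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if lookalike_of(domain):
        findings.append(f"sender domain {domain} imitates {lookalike_of(domain)}")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append(f"unexpected attachment {name}")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload()
    if GENERIC.search(body):
        findings.append("generic greeting")
    if re.search(r"[$€]\s?\d", body) and home_currency not in body:
        findings.append("amount in a foreign currency")
    return findings

def sample_message():
    m = EmailMessage()  # constructed sample, not a real email
    m["From"] = "Barns Built <accounts@bamsbuilt.co.uk>"
    m.set_content("Dear Customer,\nYou are due a $500 refund. See attached.\n")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="refund.zip")
    return m.as_string()

if __name__ == "__main__":
    print("\n".join(triage(sample_message())))
```

A match on any one of these is a reason to look harder rather than proof of phishing; a mail filter would weigh them together with sender authentication results.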
These are just a few things to look out for on a basic phishing email.
To be honest, just be on your guard and if it’s too good to be true (a castle on Lake Como for ten grand, or free Haribo for life), it’s probably not true. That being said, I do believe Costco sell lovely deckchairs and they do often have a sale on.
Unfortunately, there’s more to phishing than what you have read today, which is why, in the coming weeks, we will look at Spear Phishing, Whaling, Smishing and more. Stay tuned to read my thoughts soon on my soon-to-be regular "Phishing Phriday".
If you need any help or would like more advice on phishing, please get in touch.
Very nice piece Princess Unicorn! Enjoyed reading that. Thought you might find this video interesting ..... New phishing techniques with Bitcoin ransomware: https://www.youtube.com/watch?v=oHg5SJYRHA0
4 years ago: Great piece Steve :)
4 years ago: Very apt Steve I love your language "dollars to donuts"