Believe it or not, there are still a lot of people out there getting caught out via email scams and viruses. A couple years back a colleague of ours got most of the computers on their office network infected with a ransom virus simply because he opened a file attachment from an email address he thought he recognized.
As a general rule of thumb, attachments from unsolicited emails are a big no no, but once again, he thought he recognized the email address, and in there lies the problem. Always stay alert when doing anything Internet related. Hackers and the likes are always trying to come up with clever ways to catch us off guard. A common way is to disguise emails presenting them as if they are from people or companies we trust. For instance, I’ve gotten an email claiming to be from Amazon telling me about an order that was placed from my account and if it wasn’t me that I should click on some link to rectify the problem. The composer of this email knew obviously that I didn’t make any such order and was hoping that I’d click on the link therefore leading me into a world of problems, which is where I’d be had I not been paying attention. The actual email address wasn’t attached to an Amazon domain. That was enough to let me know that this was a scam. So always check the domain. An email from “Piracuda <email@example.com>” isn’t from Piracuda but one from “Piracuda <firstname.lastname@example.org>” would be.
As I write this post I have an email from someone I actually know… but it’s really not from him. Just looking at the domain name sets off alarm bells because it’s obscure and I’ve never seen one like that from him before. Failing that, the email itself is just of some link, rarely much of a message… doesn’t sound like something Ryan would do. All this says to me is that he’s somehow encountered a virus which has compromised his contacts and is posing as him to spread itself to all his contacts.
Most email providers provide some sort of spam filtering. Make use of it. Above all apply some common sense. Always have a look at the domain, the context of the email, the link it wants you to click on (don’t actually click on it just look at the url), and/or the file it wants you to open (defo don’t open it) and ask yourself, is this genuine? Most times it isn’t. With the file scenario: If the email says there’s a document attached but the file has a .exe file extension, that’s an immediate no go (an .exe file extension is an immediate red alert). Brush up on some basic file extensions so you know that if someone said they sent you a type of file (a photo perhaps), the attachment’s file extension should match up. As for the link scenario, if the link is linking you to a file or something with a file extension, there’s a high probability it’s a no no. For instance, the link in Ryan’s email has a .php file in the url. Yes there are a lot of php sites out there therefore using php pages but the file extension is usually hidden. When you do see the file extension, there is a chance that it is not an actual web page but a file with malicious code. So “somesite.com/hello” is probably cool, “somesite.com/hello.php” should raise your alarm bells.
There’s more to it but just paying attention goes a long way.