Don't be fooled by these sneaky email addresses
In today's world, email is an essential communication tool that allows us to stay connected with friends, family, and colleagues. Unfortunately, it's also a favorite method for cybercriminals to spread malware, phishing scams, and other fraudulent activities. One of their tactics is using sneaky email addresses to trick us into believing their messages are legitimate. In this article, we'll explore some of these email address tricks and how to spot them.
1. Spoofed email address
A spoofed email address is a disguise that cybercriminals use to make it appear as if the email is coming from a reputable source. Spoofed addresses can be hard to spot because they mimic the domain name of an organization, and they often include a username that looks legitimate. For example, instead of a legitimate email address from Amazon like "[email protected]," a spoofed email address would be "[email protected]." Notice the zero instead of the letter "o."
2. Homoglyphs
Homoglyphs are different characters that look similar to some letters in the English alphabet, making them an easy way for cybercriminals to deceive their targets. They might replace the "o" in a legitimate email address with the Greek letter Omega, making it nearly identical to the original. For example, "info@compaΩy.com" looks like "[email protected]."
3. Typosquatting
Typosquatting is a technique for claiming misspelled domain names to deceive people who make typing errors. Criminals buy domain names that are similar to legitimate ones so that if someone fat-fingers a domain name, he or she is taken to a malicious website. For instance, if you receive an email from "gmaill.com" instead of "gmail.com," you might mistake it for the real thing.
4. Subdomain attack
A subdomain attack works by creating a subdomain that looks like a legitimate domain. Subdomains designate a particular section within a domain. Cybercriminals may use them to set up a fake banking login page or other scams. For example, an attacker could use "banking.wellsfargo.net" instead of "wellsfargo.com." If you're not careful, you could fall into their trap.
5. Cyrillic domain
Cybercriminals may use Cyrillic characters from the Russian alphabet to register malicious domains. For example, "рaypal.com" looks like "paypal.com," but the first letter "p" in the malicious domain is actually the Cyrillic letter "р" (er), which is pronounced like "r." The same applies to the letters E (е), T (т), O (о), A (а), and H (н).
How to avoid being fooled?
1. Double-check the email address. Look for any discrepancies or typos that might give it away.
2. Hover over the links. If an email directs you to click on a link, hover over it to see the URL. If it looks suspicious, don't click on it.
3. Don't trust the display name. What you see in the "from" field is usually a display name, not the sender's actual email address. Click on the name to reveal the complete email address.
4. Install anti-spam software and keep it updated. Spam-blocking software is designed to detect and block malicious emails, so install a reliable one and keep it updated.
5. Educate yourself and your team. Train your employees to spot suspicious emails and to follow security procedures.
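The first check in the list above can be partly automated. The following Python sketch is an added example, not part of the original article: it compares a sender's domain with a list of trusted domains and labels digit look-alikes, Cyrillic or Greek homoglyphs, one-character typosquats, and a brand name used inside another domain. The trusted list, the look-alike map, and all function names are assumptions made for the illustration.

```python
import unicodedata

# Assumption: domains this mailbox legitimately hears from (constructed list).
TRUSTED = {"amazon.com", "paypal.com", "gmail.com", "wellsfargo.com"}

# Constructed look-alike map (assumption); real confusables tables are larger.
LOOKALIKES = {"0": "o", "1": "l", "\u0440": "p", "\u0430": "a", "\u0435": "e",
              "\u043e": "o", "\u043d": "h", "\u0442": "t"}

def skeleton(domain):
    """Fold look-alike characters to the ASCII letter they imitate."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in domain)

def scripts(domain):
    """Scripts of the letters used, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in domain if c.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]

def classify(address):
    """Return (verdict, imitated trusted domain or None) for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if any(domain == g or domain.endswith("." + g) for g in TRUSTED):
        return ("trusted", domain)
    folded = skeleton(domain)
    if folded in TRUSTED:                    # 0 for o, Cyrillic er for p, ...
        return ("lookalike" if domain.isascii() else "homoglyph", folded)
    if len(scripts(domain)) > 1:             # e.g. Latin mixed with Greek
        return ("mixed-script", None)
    for good in sorted(TRUSTED):
        if edit_distance(domain, good) == 1:     # one keystroke away
            return ("typosquat", good)
        if good.split(".")[0] in domain.split("."):  # brand label, other domain
            return ("brand-in-other-domain", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample senders, one per trick described in the article.
    for s in ["orders@amaz0n.com", "service@\u0440aypal.com", "alerts@gmaill.com",
              "info@compa\u03a9y.com", "login@banking.wellsfargo.net"]:
        print(ascii(s), classify(s))
```

A verdict other than "trusted" is a reason to look closer, not proof of fraud; "unknown" only means the domain resembles nothing on the trusted list.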
Conclusion
Sneaky email addresses are a cybercriminal's favorite tool to deceive people into clicking on malicious links, downloading malware, and giving away sensitive information. However, by knowing how to identify, prevent, and report such emails, you can protect yourself and your organization from falling victim to cybercrime. Remember to stay vigilant, double-check everything, and never trust a suspicious email.