Raising Tech

62. Resident Exclusive Miniseries- Malicious Emails

• Amanda Knapp, James Peck • Season 3 • Episode 62

Once a month, we bring you a special episode dedicated entirely to resident technology, covering education, common issues, tips, tricks, and more.

📚 These episodes are designed to educate, inform, and keep you updated on the ever-evolving world of technology. Today’s episode will guide you on recognizing and avoiding malicious emails. You can listen to it on all podcast platforms, but we highly recommend watching the video demonstration on YouTube. This demo is just one example of the many tech classes offered through our Tech@Home program.

🎥 Watch the full video demonstration on YouTube.


Find us online:
Website
Facebook
Instagram
LinkedIn


Welcome to Raising Tech Podcast Resident Exclusives. My name is Amanda. and once a month we have a featured episode completely dedicated to resident technology including education, common issues, tips and tricks and more.

These podcast episodes are to educate, inform, and update residents on today's technology world. 

Today's episode is going to educate you on how to recognize and avoid malicious emails. You can listen to today's episode on all podcast platforms, but we strongly encourage you to watch the video demonstration on YouTube. Today's demonstration is just one example of the many technology classes we offer through our Tech@Home program.

Without further ado, we have James Peck, our Tech@Home manager. I hope you enjoy.

Hello everybody. My name is James Peck and welcome to our Tech@Home scams and phishing emails presentation. I'd like to introduce you to some common scams that I see on the day to day and teach you how you can recognize them and avoid them in the future. [00:01:00] So the first thing that you need to understand is the number one rule.

If something looks suspicious on your computer, it most likely is. You need to know how scammers operate. Being informed is the best defense for this because scammers are everywhere. You might be familiar with this from unsolicited phone calls, emails, and text messages. Scammers will hide behind fake names, fake stories, fake companies, and often they operate out of foreign jurisdictions that protect them from facing justice.

So some general advice is be cautious. Don't talk to people that you don't know. This is especially true on social media. Don't share information with strangers. And today, anything that you post or share online can be used against you by scammers, especially if what you post is public to everybody. In the past, you may have been taught to look for red flags.

Check for spelling errors, mismatching fonts, check for robocalls or people who don't sound real, [00:02:00] or just look for lies or false statements. These are a baseline understanding of scams, but today we're going to go over some more advanced computer scams and how to tell what things look suspicious going back to the number one rule. Some common scams that I run into sometimes we'll see IRS scams. So you may receive emails from government agencies especially the IRS. If you get emails from them or if you see something bearing an IRS logo, don't follow the instructions in the email necessarily. What you'll want to do is, you'll want to go navigate to the website of the agency that's sending you the email, and you can log in there.

Typically if it's something urgent, the IRS or any government agency will send you mail so always keep that in mind. And just avoid clicking on shady links or following instructions that don't seem quite right in the email. Another common scam are emails claiming to be from Microsoft. So Microsoft or Windows or Office 365 or anything [00:03:00] else will not send you unsolicited emails about your computer.

Never call Microsoft if you're ever given a phone number or anything like that ask yourself a couple of questions. So when you look at this email on the right here, does the email threaten you? Does it coerce you into doing something immediately? These are all red flags that you should look for when you're evaluating if an email or a message on your computer is legitimate or not.

As you can see on the right here in this example email, it's telling us very plainly that if you don't verify your mailbox, we will force to block your account. Aside from the grammatical errors this is using a sense of urgency. So if you ever feel this in an email or a message don't feel pressured immediately to take action because most likely it is a scam and they're trying to get something from you.

Another very common scam that I see are invoice scams. So these will usually come in as text messages or as emails and they'll bear a logo of a company and the company will be claiming to charge you hundreds of dollars for some service [00:04:00] that you've never signed up for or recognize. None of these are legitimate.

Never call any phone numbers that you see in these emails or reply to the email itself. Most commonly, I see fake emails from PayPal, Amazon, Geek Squad or like McAfee or other antivirus companies. None of these actually originate from these companies and they are just used as a way to get your attention and get you to click on a link or to call a phone number.

If you are actually concerned about anything that's happening with your bank account or your cards, always go to your bank's website and check for unauthorized transactions there. Sometimes these emails will claim that you have 24 hours to do certain things. Again, this goes back to looking for the red flags of creating a sense of urgency or coercion.

If you feel any of these feelings while you're going through these messages, it's most likely a scam.

Next are virus scams. They'll use messaging like your PC is infected, there's a virus in your mailbox, [00:05:00] security alert, etc. Usually they'll have antivirus names and logos plastered on them, like McAfee, Norton, Avast or some others. When you receive these emails, like the one on the right, never click on the links inside them, because you don't know where that's going to take you.

So In this example on the right here, there's an email with some interesting grammatical choices that tells you that " our spider detected five deadly Trojans in your mailbox today." This is not technically correct, and it's something that they're, again, in the next line saying if it's left unchecked, they'll completely shut down your email.

This is far beyond something that is possible of happening. You can ignore this. They're just trying to get you to click on that link down below, which takes you to, in orange, that HTTP scan. avast. com. So this would be an example of a malicious link or a bad link. So what happens if you click on [00:06:00] that? The most common thing that happens is it will open up a website which will display a message and attempt to lock up your computer. One example of this message on screen here, it's the typical Microsoft Windows scam where they say that they've detected a virus and that you need to call a support technician.

This is typically what happens when you click on these links and emails, and then it will really get you stuck. This kind of falls under a category of pop up scams. These will mostly appear if you accidentally click on a link in an email, or click on an advertisement on a website. These have no legitimacy and they'll use buzzwords to create a sense of urgency to call a phone number.

After you call that phone number, which you should never do, they claim to have technicians on the phone who will help you fix your issue. What these technicians actually are professional scammers who sit in call centers and their help is trying to get your banking information and to get money out of you in order to fix a [00:07:00] non existent problem that they created.

Going back to this pop up, if you're having difficulties closing this pop up usually the X buttons won't work or the X buttons and the corners will disappear. You can always go to a trusted peer to remove this pop up from your computer. It's completely benign. They don't actually have any malware or virus put on your computer

after that pops up. It's just simply a little website trick that makes it very difficult to close the window. If the pop up is obnoxious, if it's making beeping sounds, or if it's reading off a robot script you can just hold down the power button on your computer, and you can turn it off, and just take a break until you can get assistance with it.

And another note just for your own information, this is what an example of a real virus detected message looks like. On the right here are two different pop ups. These are from Windows, so on the top is a Windows 10 message, and on the bottom is a Windows 11 message. These are very small windows that will show up on the bottom right [00:08:00] corner of your screen.

These are not emails, and they're not intrusive at all. Windows has a built in antivirus called Windows Defender or Windows Security. And what it does is if it detects a real threat, as they call it, which would be virus or a malware sample or anything like that on your computer it will take action and it will stop the threat.

It does this in the background, it does it without your permission, and it does it for free, which is great. And it will usually use language like ThreatFound, ThreatBlocked. And if you ignore this message, that's completely fine because Windows Defender has taken care of the threat for you. And pop up scams these are a lot more common than these real virus detected messages.

You will probably run into a hundred or a thousand pop up scams before you actually end up with a real virus on your computer.

So this takes us into the second half of this presentation, which is identifying phishing emails also called scam [00:09:00] emails. How do you identify these? What we're going to go over is how to check the domain of the email. We're going to go over what that means and how to do it. Every organization has a domain name.

And usually a domain name is the same thing as a website URL. For example, Microsoft, the company, owns Microsoft.com. If you visit Microsoft.com in a web browser, this will take you to their website. Amazon, likewise, owns Amazon.com. Harvard, for example, has harvard.edu. So your domain is typically a name dot something.

Usually it's dot com. That's the most common, but it can change depending on the company organization or institution. And likewise, emails have domains too. And you can use these domains in the email to judge the authenticity of the email that you receive. 

First, you're going to open up an email and in here you can check the sender's address. The sender's address can usually be found at the top of the email. It will show maybe the name of the person [00:10:00] who sent the email and usually you'll see a string of something at something. com and if this doesn't show up you can click on the name of the person who sent you the email and it should reveal their email address.

So ask yourself, when you see this sender's email address. Does the domain match who the sender claims to be? So let's look at an example of what I'm talking about. So here would be an email address from john.smith@parasolalliance.com. So that first part to the left of the @ symbol is the name of the sender.

So John.Smith. And to the right of the at symbol is the domain, ParasolAlliance.com. So in this, john.smith@parasolalliance.com, this is your entire sender's address and it's just someone else's email address who sent you the email. So you can look at this and go parasolalliance.com is the associated domain to the Parasol Alliance company.

So this came from Parasol Alliance and [00:11:00] probably from someone named John Smith. And you can use this information for every email that you receive. And you can check the sender's address and try and make sense of it. So another example the fraud department at Chase Bank. So their email address is fraud at chase.com. So again, on the left of the @ symbol is fraud. So referring to the fraud department and then the domain is chase.com. So when you see an email from this. You can just ask yourself, is chase.com the official domain of Chase Bank? In this case it is. So you can be assured that this email came from Chase Bank.

So let's look at some examples of things that are not from Chase Bank. So for example in the top here, you can see fraud chase, some numbers .com, at gmail.com. First of all, gmail.com is not the official Chase Bank domain, so you can write off that email immediately as being suspicious [00:12:00] or a phishing email.

Another example, fraud@realchasebank.com. In this case, the name on the email is correct, which is fraud. But the domain is not correct. It's not realchasebank. com. It is chase .com. And a third example, FraudDep@ and then a bunch of letters. net. Again, that domain name is not chase. com. So you know that all of these email addresses did not come from Chase Bank and you can ignore them.

So let's look at some examples of emails here. This is a very easy example of a scam email. It's obnoxious and in your face. They use emojis and the subject line on the top there and lots of capital letters and exclamation points to get your attention. Just on the premise, you're never going to receive free money in your email.

Likewise, this is a good example to take a look at who sent the email to you. So under the subject line in the second blue rectangle is the fake email address, [00:13:00] which is who sent you the email. So they give you a long nonsensical email address that sent you the email. And if you see something like that, just delete it immediately.

It's all spam and they're just trying to get you to click on a suspicious link. So let's look at some examples that are less obvious. Here's an email pretending to be Chase Bank. We're going to pick on them frequently throughout this presentation. And just based on the body of the email itself, it looks legitimate. They bear the Chase logo, the English and the grammar used in it is correct, and they list some transactions there in the middle of the screen.

So they show several hundred dollars that was approved and declined. And then in the subject line, they show activity of your debit card on a specific date. Now this email may look legitimate, but there's one easy thing that you can get to, which is checking the domain. So as you can see on the top here, this comes from the sender named Chase Fraud Alert.

But [00:14:00] the domain is admin@vagaro.com. Like we said, does the person who this email is claiming to be match the sender address? In this case, not at all. We don't know who vagaro.com is, it doesn't matter. If they're claiming to be Chase, we know that it's a scam and we can immediately ignore this email and delete it. 

So another scam that is very common is USPS or shipment delays coming through emails and text messages. So here's an example of an email pretending to be the U.S. Postal Service and they're explaining how your package wasn't delivered on a specific date. Now in this email, you can see it's just a pipeline to get you to click on a link, which will take you to a bad website.

 You do not want to do this. We'll get into why later, but up here, just going back to checking the domain of the sender. You can see it comes from somebody on the top there called U.S. Postal Shipping. And then we see a very suspicious. Sender [00:15:00] address there, just lots of random letters and numbers @ a bunch of random letters.

Nothing that came from anything that says @usps.gov or the official USPS site. Again, you can completely ignore this.

So why don't we click on links and unknown emails? Links or buttons and emails can take you anywhere. So for example, we have www.google.com. You can see that it's underlined there, and that means that it's a link. And if you click on that, it will take you to a website. Now, just because the link text says google.

com doesn't mean that it's actually going to take you there. In fact, it can take you to any website that it wants. So there's another example below it where it just says, Please Click Here and it's underlined. If you click on that, it will take you to a website. Most commonly, these links will take you to what are called fake login pages, but I'm getting ahead of myself.

Let's take a look at what this looks like in an [00:16:00] email. So here is an example of an email that went out that they give you a reason to click on something. And if you click on it, it will take you to a website. So you can actually figure out where these links are going to take you by hovering your mouse over them.

Do not click on the link, but if you hover your cursor over that kindly click here or any button in the bottom right of your computer screen. There will be a small bit of text that shows up, which will tell you the website that you're going to travel to if you click on that link. So in this example, if you hover your cursor over kindly click here, it says that it's going to take you to udelsecure.jimdo.com. So this is just an example domain for this email, but that's how you would do it. So if you do click on one of these links, one common thing that will happen is it will try and show you what's called a fake login page.

So fake login pages are a way for scammers to steal your. [00:17:00] Passwords and your usernames to accounts without you even realizing it. So in this example, you will be landing on a page that's called Office 365 login. It will look like a legitimate login page if you aren't paying too close of attention, but there are some signs that this is not legitimate and you should not enter your information into this website.

So first is checking the domain of the website. So at the top of your web browser there it says that this is bdshelton. com. So this is not office. com. This is not microsoft. com. So because this doesn't match what the login page is posing to be, you immediately know that this is a fake website and it's very dangerous for you to put your information in here because scammers will control the site.

They will take your email and your password that you type into that box and they will turn around as soon as you send that information to them, sign in as you, and they will steal your account. This happens all the time to individuals and [00:18:00] organizations. So it's very important that you understand that this is a common scamming method.

And this is how you would look for it.

So another example of a scam email is this one. So this comes from an email called corporate@rightspaceme.com. Regardless of the sender address in this email, it actually has some personal information in it. Now, just because an email includes some of your personal information doesn't give it legitimacy.

So in this email, it's been redacted, but it would show the person's full name and an old address that they've used. And it has a big flashy button that they're trying to get you to click on, and it would take you to a suspicious link or a bad link. In this any kind of email like this that uses your personal information, it to try and get you to do something, disregard them, delete them, mark them as spam and avoid them at all costs. Some key takeaways here. Slow it down. So your scams are often designed to create a sense [00:19:00] of urgency. So take the time to ask questions and think things through spot check. So do your research to double check the details that you're getting does what they're telling you make sense in the email. Again, going back to some of those scams, some things seem nonsensical and some things that they tell you might not be standard protocol, so you always want to be aware of that.

 If there's people asking you to do things, just stop. Don't send things immediately. So no reputable person or agency will demand payment or your personal information on the spot. This again goes back to the Sense of urgency and red flags. This information was taken from a Google spokesperson to Fox news.

And that is the end of our presentation today. So thank you everybody for attending and we hope to see you on the next one. Thanks. 

You can find us online at RaisingTechPodcast. com where you can see all of our episodes and contact us to provide feedback or submit an episode idea. We are on social media everywhere at Raising Tech Podcast. [00:20:00] If you enjoy Raising Tech, please leave us a review and share with a friend. Music is an original production by Tim Resig, one of our very own Parasol Alliance employees.

As always, thank you for listening.

 

People on this episode