When in Doubt, Play it Safe

It can be difficult these days to quickly identify whether a message is spam or not. Sure, some are dead giveaways: Emails that get your name wrong; texts riddled with typos and grammatical mistakes; calls from services you don’t subscribe to. However, others are more sophisticated, copying legitimate design cues to trick users into thinking their alerts and websites are
October 18, 2022
 / 
meritsolutions
 / 
Image

It can be difficult these days to quickly identify whether a message is spam or not. Sure, some are dead giveaways: Emails that get your name wrong; texts riddled with typos and grammatical mistakes; calls from services you don’t subscribe to. However, others are more sophisticated, copying legitimate design cues to trick users into thinking their alerts and websites are to be trusted.

Let’s say you receive a security alert from a known company informing you someone attempted to log into your account, and you’ll need to change your password by clicking here to protect yourself. Sure, the alert could be legit, but let’s play it safe.

To start, check the message thoroughly: Is everything spelled correctly? Does it really read like something the company in question would send you? If so, proceed to the email address. If you open the email on a computer, click the name to reveal the full address. It’s easy for bad actors to disguise their email with an official sounding name, but the address will always show who they really are.

Next, the links. Hover your cursor over any links to reveal their true URLs. If there’s any funny business here, especially when the email is purportedly coming from a place of security, don’t risk it. A good sign, though, is if the sender’s official website is in the URL (i.e. https://meritsolutions.net).

If there’s any doubt, however, go the manual route. If the claim is your account’s security is at risk, log in yourself, without clicking the links. That way, you don’t risk clicking on spammy links, or falling into any traps. A common phishing tactic is to send phony links to victims that pull up a fake version of the site you normally use. When you enter your login information as you typically would, the scammers scrape that data and use it against you.

If there are any issues, you’ll be able to review them yourself, and change your password accordingly.

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.