Do You Know the Preferred Tool of Online Criminals?

A really good thing is to use different throwaway addresses for banking etc.

A quick check of which of your addresses a message is sent to may immediately rule out the real entity.

Still follow all Bob's sound advice also.

You wrote "think twice before you click". It would have been better "Never click".
I simply do not open any emails without first checking the address, and even from friends I know I prefer to write a fresh email rather than "reply".
I probably miss the occasional email from a genuine source, but that's too bad.

I use Thunderbird for reading my email. It does offer some security beyond what you get if you use a online access, like at Google.com.

I can, without even opening an email, just selecting it, hit CTL-U, and see the complete email as it came in. That includes all the headers, source of the body, and so on. A quick romp thru that will show up things that aren't what they seem. And, learning to read the headers isn't that difficult and can really show where a message originated.

I'll second the idea of using throw-away addresses. And, by using an email client on my computer, my address book is local -- less chance of being hacked and used by bad people.

Use Code words with family members; words that mean nothing to anyone, such as "picnic" (because something funny happened at a family picnic 20 yrs ago).

Picnic: Link to a Youtoob video

If you see a Link from family without a Code word, don't click on the Link; and get confirmation from family member.

I should add:

Purge email addresses from emails you forward, and use BCC where possible for distribution lists.

Make the spammers work to compile email lists to send to! The less your email address is floating around on the web, the less chance the spammers will have it to use.

Usually to enter my Accounts at Chase Bank, I just had to give my Used ID and my Password. Now Chase has added another step. They send me a Code on my smartphone. And I need to enter that Code to see my accounts. So if someone did steal my Used Id and my Password they cannot access my accounts without the code.

I'll start by saying that I treat everything that comes from the Internet with the same degree of caution and skepticism. When I was little, my Mother taught me to not trust strangers because I could never know their intent. When I grew up, that entire concept was branded "Stranger Danger!", and I taught my children all about it too. Today, I use what my Mother taught me, and I taught my children, with regard to the Internet. Everyone you encounter on the Internet is a stranger until you can properly confirm their identity. Everything you use on the Internet is created by strangers, and is not to be trusted until you can confirm the intentions of those who created it. The safest thing to do on the Internet is to start with an attitude of Zero Trust, or what I label as Cognitive Security.

The basic rules are simple.

1. Avoid unknown websites.
2. Always check the URL in any link to make sure it matches what you read on it's label, or don't click.
3. Remember that email comes from the Internet, and should be treated with the same level of skepticism as anything else from there.

As a rule of thumb, I seldom (if ever) click links in email messages, or for that matter, on webpages. When I receive any email message, the first thing I do is look at the header to identify where it really comes from. If the purported sender does not match what I find in the header, I move the message directly to the spam folder. This usually rules out better than 99% of all the spam that seems to get through my email account provider's spam filtering system.

For the messages that pass my first test, I never click any link without checking it as noted in number 2 above. If a message purports to come from someone I know, I contact them to confirm they sent the message, and even then I check any links as noted in number 2 above before clicking. If the message purports to come from a business or any other entity I interact with (including my bank, Amazon, etc.), I never click any links in the message. Instead, I go to the purported website using my web browser, then I look for whatever the link was supposed to take me to. If I can't find whatever it was, I delete the email message, but I never click the link because I don't trust businesses any more than I do anything else on the Internet.

These are what have kept me safe on the Internet since the late 1990s when I contracted a virus on my IBM-compatible PC from downloading a file from a BBS site I connected to using a dial-up phone modem. That was a real lesson for me. After I got rid of the virus, I got an antivirus program, and checked every file I downloaded going forward. As malware has become more sophisticated, so has my anti-malware behavior to the point that i now brand it as "Cognitive Security". While I keep my computers as secure as possible by using all the tools my OS provides, and by keeping my OSs as up to date as possible, I have found that a healthy dose of skepticism is at least as important as any security software I can install on my computers. This goes for everything from the Internet, including email,

Ernie (Oldster)

A big mistake I made was clicking on “This email is from a mailing list, click here to be removed “

If banks and other websites would stop including links in their warning emails, that would help a lot.

If everyone knew that Chase bank would NEVER include a link in their emails, then pfishers would be stopped dead. I simply cannot understand why these critical websites still send texts and emails with included links!!

They will tell you never respond to a phone call claiming to be from them, instead call the number for customer service on your credit card or account, but they still put links in their emails, so people are tempted to click thinking they MIGHT BE legit.

Wake up, Chase, US BANK, Facebook, STOP INCUDING LINKS IN YOUR TEXTS AND EMAILS!

should we click on links in this email, how can we be sure it came from ask Bob?

Howard:

If you hover your cursor over the link, and see something that starts with:
https://askbobrankin.com/do_you_...
you are probably OK. But if it starts with:
https://askbobrankin.com.ru/do_you_...
or:
https://askbobramkin.com/do_you_...
you might be VERY careful!

@howard,

Check the URLs associated with the links in any email message. The ones in the Bob Rankin newsletters will start with "https://askbobrankin.com/". If it starts with anything different, it's a fraudulent scam. If nothing else, you can ALT+Click the link, then choose 'copy link' in most web browsers. It's what works in Firefox anyway.

I hope this answers your question,

Ernie (Oldster)

The security steps, which I take regarding my computers, along with their operating systems, applies to my cell phone as well. I receive a lot of spam text messages from banks that I do NOT have accounts with. Also, regardless, if any text message is from a trusted source or spam, I NEVER "click" on any of the links. I will always check any sites on my computer to determine what is authentic or not. I appreciate Ernest's comments. Too many shady characters are out there in the cyber world. Thank you Bob for another informative article!