Google, and let Russians steal thousands of sensitive political emails. In the same way, hackers obtained private photos of celebrities like Kate Upton and Jennifer Lawrence by sending them password reset requests that appeared to be from Apple.
And it’s not just famous people. More and more, scammers are targeting corporate employees with emails that appear to be from their boss. Or they will get into one person’s email account and send messages to everyone in their contact list with a suspicious link. Once again, because the email is from a known sender, people are more likely to fall for it.
So how can you avoid falling for a phishing scam? Many companies use phishing-detection services from cyber-security firms like FireEye or AreaOne, which can screen out suspicious emails—such as ones that appear to be from the SEC—in the first place.
As for individuals, there are often a few clues that an email is a phishing attempt. For instance, misspellings or odd grammar are a big giveaway. And the document or link that the hackers want you to click will usually show something odd, such as extra letters. If you see any of these red flags, delete the email or find another way to check if the sender is real.
But the biggest defense against phishing is common sense. Ask yourself, for instance, why you’re getting an email to reset your password out of the blue. Or be skeptical about an email that appears to be from a friend or family member asking you to click on a random link.
Ultimately, we can’t defeat phishing altogether because it relies on human nature and our natural curiosity. That’s what makes it so effective—and so dangerous.
Article source: http://fortune.com/2017/03/16/email-phishing-scams-faq/