Post-Pandemic Phishing Pranks
In today's world, phishing emails are as common as unsolicited marketing email. Today's "hacker" isn't going to break the security of your firewall or your computer, they're trying to hack you and your co-workers. Human nature makes us click on links that seem to be something we want, or from someone we know. We can convince ourselves that the email address being wrong is explainable, or that the weird domain that shows up when we hover over the link is likely all right. And, it doesn't help that our banks, and government, and vendors, send us email through email blast sites that create weird, non-human-readable links to our invoices, and to documents we've requested. We use the same tools ourselves, to send invoices, marketing materials, and white-papers, to clients who need those things.
But, pay attention to the links you receive, and always be skeptical. When something on the email you've received doesn't look right, it's probably on purpose. The scammers today send emails that aren't perfect, they introduce errors to weed out the smart, and careful, people who would be a waste of their time. They want the gullible, the hurried, and the impatient. Those are their ideal customers.
"The link seemed harmless. It was an invoice payment link from a vendor. Except that it wasn't. It was a link to a google doc, which contained a PDF, that had a script that quietly opened a process on my computer. A few hours later I started getting some odd error messages when I tried to open a document on my computer, and I quickly discovered that all of my documents generated the same error. So, I rebooted to clear the problem, and when the computer came back up, a message popped up telling me that my files had been encrypted, and I would need to pay $700 in bitcoin within 24 hours, if I wanted my files back."
I'm sad to say, I've heard this story a few times. There is no security software that will protect you completely. The bad guys always get to move first, and they buy the same security software available to you to test their nasty software against, so they can find a way through before releasing their nastiness into the world.
Unless you know that an email was sent by a trusted source, don't click links. Don't open attachments. It just takes a minute to confirm that your client/vendor/partner was the one who sent you that email. If the email address it's coming from is wrong, there is a good chance it's not what it seems. If the phone number in the address block goes nowhere, or somewhere else, it's likely faked.