Phishers, shmishers and other bad actors on the internet are getting really good at disguising themselves. They’re learning English better, designing their graphics better and even spelling better.

All of this means is that you need to start reading your emails more closely before you ever open them. Whether you’re using Microsoft Outlook or Gmail, the attack strategy is the same. We’ve warned for years and years that scammers rely on you being distracted or trying to do too much in too little time.

But now, the hackers are getting better at combining better language and graphics with holes or workarounds they find in website security systems. It’s not a new problem, but it’s becoming more widespread. ZDNet has an extensive article on how it affects Google and Gmail, but the principles are similar for Microsoft and Outlook. You need to take a close look at every email address for incoming email and every address or website link before you click on anything.

In the article, there was an example of how an email looked like a normal Gmail message, and it had links to what realistically looked like a legitimate Google support site. But a closer look revealed that it went to a Google Sites website. Google Sites is a free, web-based platform from Google for creating websites. It’s particularly useful for internal team sites, project hubs, or public-facing websites, and hackers have uses for it, too. A link to a Google Sites website came from no-reply@google.com, which is a legitimate but spoofable email address. The hackers or creators of that site were able get through some authentication workarounds to bypass safety measures used to stop this sort of attack.

You can see where this is going. One tech industry solution would be to require stronger forms of authentication or more authenticators. But as we’ve said over and over again, you need to take matters into your own hands.

In your email client, you can hover over the address that the email comes from and see who it’s really from. Even if you have opened a particular email, you can slowly and carefully read any email address or website link to see if it raises any suspicions. One thing that should raise a yellow or red flag is an urgent call to action, such as uploading a file or clicking a link to investigate a problem. A Google Sites website will have Google in its URL, and that could be a trap. Not to pick on Google, but any fake site can use a legitimate domain variation to snag you.

Here’s one checklist to help you spot a fraudulent email or website:

1. Beware of any email that urges immediate action and tells you might face negative consequences.
2. Check the “from” and ” to” email addresses. If the ” from” domain isn’t the actual company or the “to” recipient is not you, it’s likely a scam.
3. Avoid clicking on links in the email and look at the context. Would Google send you a legal complaint and direct you to the Google Sites domain? We don’t think so!
4. Run an online search for the content of the email to see if others have reported it as a scam or received a similar email.

If you think you may have clicked on a malicious website or may have downloaded some malicious software, call us immediately at 973-433-6676. We have tools to see what is on your computer and to remove the malware from your system.