Don’t be a phishing victim. Hackers send malicious links via Google Docs.

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 11 January 2022, 2052 UTC.

Content provided by “”


Please click link or scroll down to read your selections.

Trouble viewing this email? View in a browser
PCMag SecurityWatch
Don’t Get Caught! How to Spot Email and SMS Phishing Attempts
I checked my email over the weekend and amid the usual promotional messages, reader letters, PR content, and obvious phishing attempts in my inbox, there were a few emails related to my YouTube account. Recently, Google warned that hackers were sending phishing emails to YouTube creators, offering antivirus software in exchange for a review on the channel. The antivirus was in fact malware designed to steal passwords and browser cookies, which can also hold login credentials.

Opening Cold Emails in the Phishing Age

Just to be safe, I didn’t open the messages or click on any links in the YouTube-related emails, but it occurred to me that identifying legitimate contact is difficult in the age of frequent phishing attempts. PCMag lead security analyst Neil J. Rubenking wrote about this quandary recently, after helping a friend figure out whether an email purporting to be from Facebook was a phishing lure. In the end, that email turned out to be a real marketing message from Facebook, but he had to go through through several steps to determine the message’s legitimacy.
Facebook keeps a list of verified correspondence in the account area of your profile, so it’s easy to match emails you receive in your inbox with the messages you see from Facebook in your account. But what if you want to verify that an email came from someone you know and contains safe links? The US Federal Trade Commission offers a few steps you can take to stay safe.

  1. Look at the From email address. If you don’t recognize the address or the sender, think twice about opening any links contained within the email.
  2. Spot a generic greeting. A business email usually won’t begin with a casual greeting such as, “Hi Dear.” An email from a friend usually won’t spell your name wrong or address you with an honorific like “Mr., Mrs., or Miss”.
  3. Look at the link URLs. Mouse over links before you click on them. Your browser will reveal the web address for each one. If the link looks suspicious (for instance, a link purporting to be from Netflix takes you to an entirely different domain), don’t click on it! Delete the email or report it as spam and move on.
  4. Be wary of any emails that invite you to click on a link to update your payment details, update your account information, receive a coupon for free stuff, or include an invoice you aren’t expecting.

How to Combat Email Phishing Attempts

Even the most vigilant email user can be caught unaware by a malicious link in an email. Add extra layers of protection to your online life so you can mitigate the damage done by scammers.

  • Use security software. The best antivirus and security suites have phishing protection built right in. Set the software to update automatically and run in the background to protect you from phishing attempts.
  • Use multi-factor authentication everywhere you can online. Even if a scammer manages to get a hold of your username or password, if you set up multi-factor to be something you have (a hardware security key or an authenticator app passcode), or something you are (a scan of your fingerprint, retina, or face), it’s harder for the bad guys to log into your accounts.
  • Back up your data. Copy your important documents and information regularly and store them on an external hard drive or with an online backup or storage service.

Get this from a friend? Get it delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.

If you buy something from our links, we may get a commission from the sale. Learn more here.
25% off H&R Block Online Tax Filing
 Start for FREE

Phishing on Your Phone
After chatting with some of my PCMag colleagues about phishing, they noted they’ve been plagued with SMS phishing attempts recently, also known as “smishing.” Above are some examples of smishing, one is an attempt I received last year, and another that a coworker received recently.

 If you aren’t careful, these types of messages may fool you into giving up valuable information about yourself or downloading malware onto your phone.
Both messages came from an unknown phone number. Both requested action related to a finance-related problem, and both contained suspicious links. The first message is from an unknown company about a product I’ve never purchased, and the use of the link shortener is a common way for smishers to encourage their victims to click. The Citibank message is worrying because the link address is slightly off, featuring a dash instead of a period between “support” and “citi.”

For years, security researchers, including Andrew Conway, have noted that SMS spam could be curtailed by mobile carriers if they stopped offering unlimited texting plans. Until that happens, the best way to fight back against mobile spam in the United States is to forward the messages to short code SPAM (7726).

Stay safe,
Kim Key
PCMag Security Analyst

What Else is Happening in the Security World This Week?

Raspberry Pi Uses Electromagnetic Waves to Detect Malware

How to Figure Out If Your Phone Has Malware

What Is the Log4j Exploit, and What Can You Do to Stay Safe?

Browse Privately with the Top VPNs for Businesses and Teams

We Review Bitdefender Antivirus Free Edition

Want more deals like these delivered to your inbox?
HP Pavilion 15 AMD Ryzen 7 5700U Eight-core 15.6″ 1080p Laptop w/ 512GB SSD
$749.00 $599.00

Dell Vostro 5890 Intel Core i7-10700 Desktop w/ 256GB SSD
$1,241.43 $709.00

32″ Dell S3222DGM Curved 2560×1440 QHD 165Hz 2ms Gaming Monitor
$529.99 $299.99

Lenovo Legion 5 AMD Ryzen 5 5600H 17.3″ 1080p IPS Gaming Laptop w/ Windows 11, NVIDIA GTX 1650, 8GB RAM & 256GB SSD
$909.99 $649.00

3 Color Options Comfort Zone 1200W Ceramic Electric Fireplace Heater
$47.98 $23.98

All product and deal information such as discount, price and availability are believed to be accurate as of the time of publication. Please verify these details with the merchant site and check the merchant’s terms and conditions before you buy. Publisher is not responsible for errors or omissions.

For the latest cybersecurity news and information, please check the blog sidebar and links.

Russ Roberts (