TORONTO – Canadian consumers who have shopped at the Home Depot should keep a watchful eye on their inbox.
The company said Thursday that the hackers responsible for stealing 56 million debit and credit cards between April and September also got a hold of 53 million emails addresses.
Home Depot said Thursday that the file containing the email addresses did not contain passwords or other sensitive personal information; however the company said consumers should be on the lookout for phishing scams that may trick them into sharing personal information.
READ MORE: Cyber-attacks to increase over the next decade, says study
Phishing scams are a type of online identity theft. Criminals use fraudulent emails and websites designed to steal user data. But they can be difficult to spot if you don’t know what you are looking for.
Here are some best practices when it comes to recognizing and avoiding phishing scams:
Don’t be fooled by official logos
One of the most common ways that phishing scams will try to fool you is by using official company logos or insignias. In some cases, the email address or web address may look close to the company’s name, but is slightly altered or off by a letter.
Often times these messages will try to trick you into providing account information, passwords, or even credit card information by using common phrases like “Verify your account,” or “Reset your account.”
In the case of Home Depot, cyber criminals are likely to use the threat that your security has been compromised due to the hack – but don’t believe everything you read.
Watch out for poor spelling and grammar
An easy way to spot a phishing scam right away is by reading the email thoroughly, watching for bad spelling and grammar.
Phishing emails are notorious for obvious spelling mistakes. Remember, major companies like Home Depot would have a copy editor looking at these emails before they are sent to customers.
Check links before you click on them
This tip is especially important: Never click on a link included in a suspicious email.
Often attackers will use a legitimate web address in the hyperlinked text of the email, but once you click on the link it takes you to a malicious website.
But, if you hover your mouse over the link – without clicking on it – a small yellow box will appear showing the actual web address the link will take you to. If the link doesn’t match the hyperlinked text, it’s likely malicious.
Note: In some browsers, like Google Chrome, the yellow box will appear in the bottom left hand side of the window instead of directly below the link.
According to Microsoft, some of these links may lead users to .exe files, which are often used to spread malicious software.
As phishing scams become more sophisticated and harder to spot right away, it’s best to be proactive when it comes to online security.
This means making sure your web browser software is up to date, ensuring that its security features are protecting you against the latest discovered vulnerabilities. This means you should use a browser that has good security functions.
READ MORE: How to protect your computer from malware
Google Chrome, for example, uses two main security features – the Safe Browsing API site list, as well as a feature that confines infectious programs to the open browser page, preventing the virus from spreading to the computer, if the user comes across a dangerous site.
You should also use some sort of anti-virus software on your computer.
If you do receive what you believe to be a fraudulent email, you can report it to the Canadian Anti-Fraud Centre.