Avoid unknown links/email attachments even from people you may trust. Hackers can imitate someone else’s email address to attempt to trick you into clicking a link to something harmful, otherwise known as email spoofing. Always check the domain that an email is sent from (the part after the @ sign) and make sure it is not suspicious. If an email seems even a little suspicious, you can also always hover your mouse over a link to see where it goes. If it does not go to where you expect it, do not pursue it any further.
If only they were always this easy to spot!
Another common tactic is to send an official looking email with some helpful looking advice, or maybe a threat. For example, in one case we dealt with, a user received an email that told them that their machine was already infected (when it really wasn’t) and that they needed to delete some files to get rid of the virus! Who doesn’t want to delete viruses off of their PC? Unfortunately, the user fell for the hacker’s trick and began deleting things, which were critical system files, on several machines, corrupting their operating systems which required them to all be rebuilt (very expensive!)
Many may also be familiar with the fake emails that go out around tax season threatening jail or fines if money is not sent to a link in the email. These types of attacks, designed to be effective not through breaking into your computer or actively harming you, but rather by getting you to do the work for them, are called social engineering attacks and are some of the most effective because they aim to convince us that what they want us to do is in our best interest. If you’re not sure, be sure to ask an IT professional before doing anything, ESPECIALLY before paying someone money. Remember to never send out personal information in an email. Legitimate banks, government agencies, and other businesses will not ask for it this way.