Have you ever received an email that claimed to be from your bank, a company, or a government agency—but something about it just didn’t look quite right? The act of sending emails meant to trick unsuspecting recipients into revealing their personal information, compromising their computers, bank accounts, or insurance information is called “phishing.”
Cyber criminals go to great lengths to make a phishing email look legitimate. Luckily, there are some clues to help you spot a scam before you become a victim.
Check the email header.
This tells where the message originated. Typically, an email header begins with “Received” and includes the sender’s domain and IP address. The “received” information should match the company or sender the email claims to be from.
Check any embedded links.
Links in the body of an email message usually appear to be valid at first glance. In a fraudulent or malware-delivering message, however, the hyperlinked address is often different from the address the link would actually take you to.
Check the domain name.
Criminals also use fraudulent domain names to trick their victims into thinking a message comes from a legitimate company. Remember that the last part of the email address must match the company’s domain name. For example, an email from IDWise that comes from “email@example.com” is legitimate; an email purporting to be from IDWise but coming from someone called “firstname.lastname@example.org” is probably not. (Although few cyberthieves will make it that easy to spot!)
Read the body of the email carefully.
Does the letter start with “Dear valued customer” or use some other generic greeting? Are there grammar and spelling mistakes? Does the email ask you to send money or supply personal information? All of these are clues that the sender might be up to something fishy.
Check your records.
If you’ve previously had email contact from the company named in the suspicious email, look over your prior communications and compare them to the new message. Do the writing styles, links, and domain names all match?If you’re still unsure whether an email is part of a phishing scam—even if you’re just the least bit unsure—the best course of action is to simply call the company and verify. A few minutes of caution now might prevent a huge hassle later!