Keeping yourself safe from phishing threats
Phishing is an e-mail fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites.
Below is a list of ways you can detect a phishing email and avoid them.
On the From line:
– Do you recognize the sender’s email address as someone you regularly communicate with?
– Is the email address spelled correctly? Look for character substitutions that may look correct, but aren’t (for example, using “rn” instead of “m” or uppercase “i” instead of a lowercase “L”)
– Is the email from a company or organization that you do not do business or have a relationship with?
– Is the email address suspicious? For example, a phishing email claiming to be from apple may say @apple-support.com, which is not used by Apple.
On the To line:
– Was this email sent to an unusual list of people? For example, people you do not know or a strange set of names in alphabetical order?
– Were you CC’d on an email to one or more people that you do not know personally?
In the Subject line:
– Is the subject relevant to the content of the email?
– Does this appear to be a reply to a message I never sent?
In the Body of the email:
– Does the body include a hyperlink (a web address, for example: www.lcbt.com) that you do not recognize?
– Does the email include an attachment?
– When you hover your mouse over the hyperlink that’s displayed, does the address displayed match the one that is typed out?
– Is there anything in the body of the email besides a link?
– Is the hyperlink to a misspelling of a known website? For example, www.1cbt.com instead of www.lcbt.com.
– Does the sender acknowledge any attachments on the email?
– Does the email ask you to click a link or open an attachment to either gain something of value or avoid a negative consequence?
Other red flags:
– Did the email come at a strange time or on a strange day? For example: something sent at 3 a.m. when the sender wouldn’t normally be up at that time, or a business email sent on a Sunday.
– Is the email out of the ordinary?
– Does the email contain bad spelling or grammar?
– Does the email request things that are odd or illogical?
– Does the email claim to have attached or link to a compromising or embarrassing picture of you or someone you know?
Whenever you are in doubt about an email, it is important that you do not open the attachments nor should you click any links.
If the email claims to be from someone you know, contact them by phone, or through the email address that you usually use for them. Do not reply to the suspicious email – you may get a response from the hacker trying to entice you to open other files or links.
If the email claims to be from a business or organization, visit their website (NOT by clicking a link in the suspicious email). Manually type it into your web browser. Alternatively, use a published number to contact the company and ask about the email.
And ALWAYS, when you receive an email requesting money, contact by phone the person making the request to make sure that the request is valid.