So how are customers supposed to know the difference between a legitimate notification and a phishing one? Using the tips below, consumers can be more aware of some common email scams.
- Check the “sent from” address – in this case, the email was sent from email@example.com, which looks like a very legitimate email address. However, the postal service’s website is www.usps.com, not .org. Just by checking the address before opening the attachment, a red flag would go up about this email.
- Hover over links – many phishing emails will encourage you to visit their website and may even show a legitimate URL in the body of the email. However, when you hover over the link or address in the email (don’t click on it, just hover your mouse over it), you’ll often see that the URL is actually directing you to a completely different site. This can be a sign that the email is in fact a phishing attempt. As a side note, plenty of legitimate companies will have links in their emails that do not look legitimate either. If they are using an email marketing program to send their emails or to track clicks on any given message, the URL could look strange to the end user. So this isn’t a surefire way to tell that an email is a phishing message.
- Seek out a trustworthy source – if the email is coming from someone like your bank or credit card company, the notification should appear in your email as well as in the secure section of their website. Instead of clicking on a link in an email, go directly to the company’s website using your browser. Then log in and look for the notification in the messages from the company.
- Look in the “to” address – in the example below, you’ll see the words “undisclosed recipients” in the “to” field. This typically means it was sent to multiple people and the addresses have been placed in the BCC field. Typically, a legitimate notification will show your name or email address in the “to” field.
- Use common sense – if you aren’t expecting a package, or have not done business with the company that is sending you the notification email, then there is a good chance that the email could be a phishing attempt. It is unlikely that you have a fifth cousin in a far-off country that needs you to send your banking account information in order for them to wire you millions of dollars (but hey, it could happen!). Before you blindly click on a link or respond to an email, stop and think about the email itself.
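The sender, link and “to” field checks from the tips above can also be automated. The Python sketch below is an added example, not part of the original article; the sample message, the addresses in it and the `check` function are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = (  # constructed sample message, not the email from the article
    "From: USPS Delivery <notice@usps.org>\nTo: undisclosed-recipients:;\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="http://tracking.example.net/label">https://www.usps.com/track</a>\n'
)
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)  # text that is itself a URL

def host(s):
    return (urlsplit(s if "://" in s else "//" + s).hostname or "").lower()
def under(h, domain):  # exact domain or a subdomain of it
    return h == domain or h.endswith("." + domain)

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.pairs, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.pairs.append((self._href, self._text.strip()))
            self._href = None

def check(raw, expected_domain, my_address):
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1]
    if not under(host(sender.rpartition("@")[2]), expected_domain):
        flags.append(f"sender {sender} is not at {expected_domain}")
    to = msg.get("To", "").lower()
    if "undisclosed" in to or my_address.lower() not in to:
        flags.append("not addressed to you in the To field")
    parser = Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.pairs:
        # A signal only: click-tracking links in legitimate mail trip this too.
        if URLISH.match(text) and not under(host(href), host(text)):
            flags.append(f"link shows {host(text)} but goes to {host(href)}")
    return flags
```

Calling `check(SAMPLE, "usps.com", "me@example.com")` returns one flag per tip that the sample trips; an empty list means none of these three signals fired, not that the message is safe.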
Here is what the USPS phishing attempt looked like: