SHARE THIS

Today I received a phishing email (supposedly from Capital One). It reminded me that there are still many people who are fooled by them and continue to lose money to Internet thieves, or have their computers compromised.

I’m going to take a few moments and give you some pointers on how to recognize a phishing email and what you should do to avoid being ripped off, or having your computer infected with a virus or malware.

How to Spot a Phishing E-mail

Here are some potential indicators of a fraudulent e-mail:

1. Sender’s e-mail address—to give you a false sense of security, the “From” line may include an official looking e-mail address that may actually be copied from a genuine one. E-mail addresses can easily be spoofed, so just because it looks like it’s from someone you trust, you can’t always be sure.
2. Attachments—e-mail attachments may be used in fraudulent e-mails and if opened could download spyware or a virus to your computer. Use caution when considering clicking a link or opening an attachment presented in an e-mail. If you receive an e-mail from a company with a suspicious link or attachment, do not open the attachment and contact them directly.
3. Generic greeting—a typical fraudulent e-mail will have a generic greeting such as “Dear Account Holder.”
4.  False sense of urgency—Fraudulent e-mails may threaten to close your account or assess some penalty if you don’t respond right away. An e-mail that urgently requests you to supply sensitive personal information is to be considered highly suspect.
5. Typos and grammatical mistakes—such mistakes are a dead giveaway of fraudulent e-mails.
6. Fake links—many fraudulent e-mails have links that look valid but send you to a spoofed site that may or may not have a URL different from the link. Always check where a link is going before you click. If the link appears to be suspicious, don’t click it. Even if the suspect e-mail looks legitimate, you should still NOT click the provided link in the email.

Unless you are expecting an email from a company, or banking institution (possibly as a follow-up from a phone conversation) you should NEVER click a link contained in an email that requests you “update” or “fix” your account information.

If you have any suspicion that the email isn’t legitimate, simply call the company, or your banking institution directly (using a known legitimate phone number – do not assume one provided in the email is legitimate). If there is a problem with your account they will be able to discuss the issue with you over the phone.

Below is a screenshot of the body of the actual phishing email I received today. I highlighted 4 “clues” that made it easily recognizable as a fraud.