Not every email scam is as easy to detect as the “You’ve won a kajillion dollars!” email. Sometimes email scams or attacks look like very legitimate messages. Here are some tips for staying secure when reading the messages in your inbox.
1. Be aware: It’s important to understand that it’s super easy for someone to make an email message look legit, for example an email that says it’s from your bank or someone you know. To check whether the message you’re reading is for real, always follow the next two steps.
2. Be smart: If an email requests that you send any private information, such as a password or an identification number, there’s an extremely good chance that there’s a scammer behind it. Mark the message as “junk” and delete it. If there’s an attachment and you’re unsure, don’t even open it.
3. Be cautious: If there are links in an email message, take some extra steps before clicking.
- Place your mouse over the link and look in the bottom left of your browser window. Sometimes email marketers use links that look funny in order to track click numbers. But other times, it’s very obvious that the URL isn’t what you think it is. If you’re expecting to go to your bank’s website, but the URL begins with www.kittensaresocute.com, then you’ll know right away not to click. It may not always be that obvious, because scammers get trickier all the time, but some don’t expect you to even check. You can also look more closely to see if anything is spelled incorrectly, such as www.paypall.com (with two Ls instead of one), which is another sign of a scam.
- If you can’t see the URL when you hover over the link, you can copy and paste the link into a word-processing document. Right-click on the pasted link and select “Edit Hyperlink” from the menu that appears. Selecting “Edit Hyperlink” will open a pop-up window in Word that shows in the “Address” field the Web address to which the link directs.
- Clicking the link could be dangerous, but if you find that you did click on such a link, double-check the name of the site as shown in the location bar of the browser. Be especially careful if the site name displayed is an IP address (e.g. “192.168.25.75”) instead of a domain name (e.g. “www.example.com”); in the former case it is very likely the site is not legitimate. Again, if something is misspelled in the URL (as in the www.paypall.com example, where PayPal is spelled with two Ls), don’t enter any personal information on the site.
- At this point, you could also check the website’s certificate. Look for the “lock” icon on the status bar that shows that you are on a secured site. Also check that the URL begins with “https” in the location bar when making transactions online.
- If you click on a link and have any concerns whatsoever, close the browser window. You can always take the extra step to go to a website directly (for example: type in your bank’s URL) or call a business to confirm if something came from them. If the email has legitimate information — like a fraud alert — it should also be on the company website.
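The link checks from step 3 (link text that shows one site while the link goes to another, a misspelled domain, an IP address in place of a name) can also be run automatically over a message body. The Python code below is an added example, not part of the original tips; the `TRUSTED` list, the constructed sample message and all function and class names are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"paypal.com", "example.com"}  # assumption: sites the reader really uses
SAMPLE = """<a href="http://www.kittensaresocute.com/login">www.paypal.com</a>
<a href="https://www.paypall.com/signin">Verify your account</a>
<a href="http://192.168.25.75/update">Update details</a>
<a href="https://www.example.com/alerts">www.example.com</a>"""  # constructed

def near_miss(a, b):
    """True if a is one inserted, dropped or changed character away from b."""
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1  # i = length of the shared prefix
    # skip one character on the longer side (both if equal length), compare the rest
    return a != b and a[i + (len(a) >= len(b)):] == b[i + (len(b) >= len(a)):]

def check_link(href, text):
    """Return the warning signs from the tips above that apply to one link."""
    host, flags = (urlsplit(href).hostname or "").lower(), []
    try:
        ipaddress.ip_address(host)
        flags.append("ip-address-host")
    except ValueError:  # a name, not an IP: compare it with the trusted domains
        base = ".".join(host.split(".")[-2:])  # naive: ignores suffixes like co.uk
        if any(near_miss(base, t) for t in TRUSTED):
            flags.append("lookalike-domain")
    shown = re.search(r"(?:www\.)?((?:[\w-]+\.)+[a-z]{2,})", text.lower())
    if shown and host != shown.group(1) and not host.endswith("." + shown.group(1)):
        flags.append("text-host-mismatch")
    return flags

class LinkScanner(HTMLParser):
    """Run check_link on every <a href> found in an HTML email body."""
    def __init__(self, html):
        super().__init__()
        self.href, self.text, self.report = None, "", {}
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.report[self.href] = check_link(self.href, self.text)
            self.href = None
```

`LinkScanner(SAMPLE).report` maps each link target to its list of warning signs; an empty list means none of these three checks fired, not that the link is safe.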