What Does a Phishing Scam Look Like?
- Most phishing e-mails say that they're just doing a routine update of your information for their records. That may in and of itself be suspicious, but it should be even more so if it's for an organization you don't currently do business with. If you get an e-mail asking you to update your information from a bank you don't have an account with, or for a credit card you don't own, you're more than likely being phished.
- Some of the most common e-mail scams are loaded with misspelled words, up to and including the name of the company the e-mail is supposedly from. Most corporate communication goes through a long chain of copywriters, editors, and spell-checkers before it hits your inbox, so if you see an e-mail with lots of obvious errors, odds are good you're being phished.
- Most phishing operations work by randomly stringing together possible e-mail addresses, and blindly sending the scam to all of them. Check the "To" line of the possible phish e-mail you've received: is it just to you, or is it to multiple e-mail addresses, most of them similar in spelling to your own? Also, does the e-mail call you "Customer," "Sir or Madam," or by your actual name? Phishers usually have no way of knowing your real name or including it in the e-mail--but legitimate businesses might.
- Say you've just received an e-mail claiming to be from Bank of America, asking you for a routine contact information update. The logo may look official, and the language may seem appropriate, but take a second to examine the "From" line on that e-mail. What e-mail address, exactly, did you receive the message from? (Some e-mail programs may not tell you the address right away; you may need to hover your mouse over the "From" name to show the actual address.) If it's a legitimate e-mail, it should be from an "@bankofamerica.com" address. If, instead, it's from something like "no-reply@moneyybank.biz" or "yvvvi@sidjfjei.com," it probably didn't come from Bank of America.
- All phishing scam e-mails come with a link to visit--the link the e-mail wants you to click so that you can claim your prize, update your information, pay your bill, or whatever it is the scam wants you to believe. On most e-mail programs, hovering your mouse over the link will tell you the web address to which the link will send you (if that doesn't work, try right-clicking on it). Using the earlier example, an e-mail from Bank of America would probably send you to some page on the Bank of America website, but it certainly wouldn't send you to an address at "www.quickcashsendz.com" or "suijosdfi.ar." If the link doesn't match the company that supposedly sent you the e-mail, it's almost certainly a phishing scam.
- Some phishing scams are tremendously realistic, and even after running an e-mail through the five tests, you might still not be sure if it's for real. You don't want to blindly follow a link that might infect your computer or ask for inappropriate information, but you also don't want to ignore what might be a legitimate request from a company you do business with. If in doubt, don't click the link or reply to the e-mail; just contact the company that supposedly sent you the e-mail and ask them for verification. It may seem like a bother, but it's better than losing your personal information to a phishing scam.
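
The "To" line, greeting, "From" address and link checks described above can be automated as a rough first pass over a saved message. This is an added example, not part of the original article. The function names, flag strings and recipient addresses are assumptions made for illustration, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC = re.compile(r"\bdear\s+(customer|sir or madam|user|member)\b", re.I)

class LinkCollector(HTMLParser):
    # Gathers each link's real target (what hovering over the link would show).
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]

def in_domain(host, domain):
    # Exact match or a true subdomain; "bankofamerica.com.evil.example" fails.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw, expected_domain):
    msg, flags = message_from_string(raw), []
    addr = parseaddr(msg.get("From", ""))[1]
    if not in_domain(addr.rpartition("@")[2], expected_domain):
        flags.append("from-domain-mismatch")
    if len(getaddresses(msg.get_all("To", []))) > 1:
        flags.append("multiple-recipients")
    body = "".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    if GENERIC.search(body):
        flags.append("generic-greeting")
    links = LinkCollector()
    links.feed(body)
    web = [h for h in links.hrefs if h.lower().startswith(("http://", "https://"))]
    if any(not in_domain(urlparse(h).hostname, expected_domain) for h in web):
        flags.append("link-domain-mismatch")
    return flags

# Constructed sample message (not a real e-mail), using the article's example domains.
SAMPLE = """\
From: Bank of America <no-reply@moneyybank.biz>
To: jsmith@example.com, jsmith1@example.com, jsmyth@example.com
Content-Type: text/html; charset=utf-8

<p>Dear Customer,</p>
<p><a href="http://www.quickcashsendz.com/update">www.bankofamerica.com</a></p>
"""
print(check_email(SAMPLE, "bankofamerica.com"))
```

An empty result does not prove a message is genuine, because the "From" header can be forged and the spelling and "do I even have this account" checks are not covered here. When a message passes but still seems off, contacting the company directly remains the deciding step.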