Quick Tip: For any “phishy” offer delivered by email, type the website name directly into your browser. That way you do not give away your login information or download a virus.
Why: A phishing email is a bogus email carefully designed to look like a legitimate request (or attached file) from a site you trust, in an effort to get you to willingly give up your login information for a particular website or to click and download a virus.
Often these emails look 100% legitimate and show up in the form of a PDF (scanned document) or a UPS or FedEx tracking number, bank letter, Facebook alert, bank notification, etc. That’s what makes these so dangerous: they LOOK exactly like a legitimate email.
Here are the telltale signs to help you distinguish a phishing email from a legitimate one:
- Hover over the URL in the email (but DON’T CLICK!) to see the ACTUAL web site you’ll be directed to. If there’s a mismatched or suspicious URL, delete the email immediately.
- It’s a good practice to just go to the site directly (typing it into your browser) rather than clicking on the link to get to a particular site. Do not cut and paste the link into the browser. Quite often the link’s address will show subtle differences in the domain name, e.g. “mydomain.co” instead of “mydomain.com”.
- Another telltale sign is poor grammar and spelling errors.
- Another warning sign is that the email is asking you to “verify” or “validate” your login or asking for personal information. Why would your bank need you to verify your account number? They should already have that information.
- Finally, if the offer seems too good to be true, it probably is.