Identifying Fraudulent "Phishing" Email
What is phishing?
Phishing goes by several names, including spoofing and carding. It is an attempt to get privileged information about an individual by pretending to be a legitimate entity. The information sought usually includes usernames, passwords, bank account information or credit card information.
To be on the safe side, never send any privileged information to someone unless or until you are sure they are who they say they are. As a matter of fact, it is company policy not to ask for your password or other sensitive information through email.
If you receive an email and are suspicious about its validity, follow the steps below to check it:
Who is the sender?
You can find out the original sender from the email headers as follows:
Yahoo: Click on Actions, then click on View Email Header.
Gmail: If the email is not a forwarded email, open the email, then click on “Show Original” from the right side menu. This will open a new window and you will get all the details of the email address, including the IP address.
Microsoft Outlook: There are two alternatives:
- Method #1: Right-click the message in the folder view, then choose Options.
- Method #2: In an open message, choose View | Options.
An email header generally displays several lines that begin with the word “Received”, and the last of these lines should have the same format as: Received from genericname.org (125.286.259.192)
If this information does not match the sender or the company represented in the email, this is spam.
Take precaution with links
Most phishing emails are sent with email links that appear to be legitimate but actually are not. The link will redirect you to a website that has nothing to do with the company website you expected, or at times to a website that looks more or less the same as the one you expect.
To detect fake links, put your mouse over the link but do not click it. You will get a pop-up that displays the actual URL. Here’s an example:
In this scenario there is a mismatch between the real and the visible link, a clear indication of a phishing email.
Is the website you are visiting legitimate?
Many browsers today use favicons for legitimate websites. Internet Explorer, however, will only show a green color if the company has an Extended Validation Certificate (EV) or an SSL Certificate.
Take note of the salutation in the email
Many phishing emails start with generic phrases or your email account name instead of your first name. You will get things like “Dear Valued Customer” or “Dear Katty326” instead of “Dear Kathy”.
Legitimate companies usually address you by name in correspondence because they already have your details in their records.
Email sent to your other email address?
If the email has been sent to an email address that you have not registered with the company, that is also a reason to be suspicious. You can visit the original website and verify the email address that you have listed with the company.
Do not delete history
You should keep previous dealings with the company in mind in case you need to compare emails later on to ascertain their authenticity. If you cannot find any such emails, you can contact the company to verify the message instead. Remember that you are not to give any confidential information through an email address.
Keep your private information to yourself
You should never provide any personal information through an email address to anyone purporting to be working with the company. You should first verify the true identity of the individual, and besides that, companies will never ask for your password.
Do not click on any links in the mail, and do not respond to the email either. Go to the company website, get their contact details and ascertain the authenticity of the email.
Many companies appreciate being informed of such attempts.
Watch out for risky attachments
Be very careful with attachments sent to your email. Never open an attachment that you do not trust. First of all, contact the company to verify if the contents of the attachment are real.