How To Avoid Email Phishing Scams

We've all gotten emails that appear to be from a reputable source but may be an email phishing scam. They might say we've won a gift card, or alert us to an error in our account that requires immediate attention. Please do a few things before clicking to keep your device and account safe and avoid email phishing scams.

  • If it sounds too good to be true, it probably is
  • Analyze the From email address
  • Analyze the links within the email
  • Don't Unsubscribe
  • Report emails only if they meet certain criteria

What is Phishing?

If you have an email address, you've seen phishing emails. They're targeting you as a user in hopes that you'll reveal account information, specifically your login and password. These emails look legitimate visually, and that's how they're able to trick users into giving up their details. Phishing can come in the form of text messages or phone calls, but the most common method is email. Emails can be sent by the thousands at the click of a button. Text messages are similar, but phone calls take too long, since the caller has to convince the person on the phone to give up their information. These scammers don't care who they target and are hoping they can make a quick buck from you. I don't want that to happen to anyone.

What if I fell for it?

If you've clicked something you shouldn't have and given your login and password to an untrustworthy website, you should learn how to protect your online accounts and set strong passwords as quickly as possible.

Analyze an Email You Suspect Is a Phishing Email

In a few simple steps, you can look over the email and check the From email address and the links within the email to get an idea of whether the email is a phishing email or not.

1.  Take a look at the From email address.

The email From name can be 'legitimate company', but the From email address needs to be examined. Take a look at the pic below. It's from 'congratulations', but on further inspection by clicking the word 'congratulations' in the email, I can see it's from a very odd address. That's not a legitimate email address. Even though the word yelp.com is in the email address, all of the junk in front of the From tells me that this is bogus. However, if the email were from giftcard.yelp.com, I'd look a little further before deciding to discard the email.

Example of an email with the word congratulations in the email address

2.  Analyze the links within the email.

In your desktop email program, you can hover over a link to see where it's actually going to go once clicked. See the image below. From a mobile device, you can press the link and then choose copy. Paste the link into a note or memo so you can view it without risk of going to the actual website. On its own, this doesn't tell us whether or not this is a phishing email. Storage.googleapis.com is a legitimate service, but it can be used by anyone.

Certainly if this email were from a big bank and the links were going to bigbank.com, or login.bigbank.com, it's probably NOT a phishing email. However, if the links were going to an obscure link like asfafeasefasf-bigbank.com, this is a sure sign that it's a scam. Most importantly, don't click anything in the email.

Example of a link

3.  Go with your gut.

What is your gut telling you? If the email doesn't feel right, or raises any flags with you, call the company who sent the email. If it's your financial institution, call the number you have on file. Do not call any numbers listed within the email.

4.  Analyze the email header.

Did you know that each email you receive contains an email header? The headers contain certain information about the routing of the message as well as the originating IP address. In some instances, this information is easily traced. Our email header analyzer tool may be able to provide you with the originating IP address. In addition to the analyzer tool, we also offer a

5.  Don't Unsubscribe

I know this sounds odd to say, but when phishing emails come through, the last thing you want to do is unsubscribe. This only verifies that your email address is good and that you're a human who is checking and interacting with the email address. However, it's perfectly safe to unsubscribe from legitimate sources.
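The checks from steps 1, 2 and 4 can also be scripted. The following is an added example, not part of the original article: it compares the From address and each link against the domain you expect (bigbank.com, the article's stand-in), treats shared hosting such as storage.googleapis.com as inconclusive, and pulls the earliest-hop IP from the Received headers. The sample message, the IP address and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name, address and IP here is made up.
SAMPLE = """\
Received: from mx.recipient.example by inbox.recipient.example; Mon, 1 Jan 2024 10:00:05 +0000
Received: from mail.example.net (unknown [203.0.113.45]) by mx.recipient.example; Mon, 1 Jan 2024 10:00:00 +0000
From: "BigBank Support" <alerts@asfafeasefasf-bigbank.com>
Subject: Immediate attention required

Verify your account: https://login.bigbank.com/help
Or here: http://asfafeasefasf-bigbank.com/login
Gift card: https://storage.googleapis.com/bucket/page.html
"""

SHARED_HOSTS = {"storage.googleapis.com"}  # legitimate service, but used by anyone

def host_matches(host, expected):
    """True only for the expected domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def classify_link(url, expected):
    host = urlparse(url).hostname or ""
    if host in SHARED_HOSTS:
        return host, "inconclusive"
    return host, "ok" if host_matches(host, expected) else "suspicious"

def analyze(raw, expected):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2]
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    # Relays prepend Received headers, so the last one is the earliest hop.
    # Hops added before your own provider's servers can be forged.
    hops = msg.get_all("Received") or [""]
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1])
    return {
        "display_name": display,
        "from_domain": from_domain,
        "from_ok": host_matches(from_domain, expected),
        "links": dict(classify_link(u, expected) for u in urls),
        "origin_ip": ip.group(1) if ip else None,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE, "bigbank.com").items():
        print(f"{key}: {value}")
```

Matching on the exact domain or a dot-separated subdomain is what separates login.bigbank.com from asfafeasefasf-bigbank.com; a plain "contains bigbank.com" test would accept both.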

Should you report phishing emails?

In my opinion, it's best to only report them if the email looks real enough to get lots of people to click and give up their information. Firstly, if the email is full of typographical errors and the wrong logo for the institution they're representing, it's not likely to garner a lot of clicks. Conversely, if the email looks very similar to emails you receive from this institution, by all means it should be reported.

How Do I Report A Phishing Email?

It's pretty simple actually. Firstly, you can go to the actual website where the email is claiming to be from. Sometimes these sites will have a report scam or phishing emails section. Secondly, if you're unable to find a way to report the email directly on the website in question, you can simply forward the email to [email protected][companyname].com. Finally, if the email is from someone posing as BigBank.com then [email protected] should be set to receive emails like the phishing one you wish to report.