You just received an email about an item you purchased online. It can’t be shipped to you because your credit card expired. But don’t worry, it’s a quick fix: Simply click on the emailed link and update your credit card information. So easy, right?
Not quite.
Phishing is one of the most common ways for digital bad actors to steal your personal or business information. A well-constructed email might trick you into clicking on a bad link or handing over information needed for fraud or identity theft without realizing who is on the other end.
You should put on your detective hat every time you open a new message. And while many emails are probably exactly what they seem, it only takes one slip-up for someone to steal your money or information. Following these expert tips will help you know when to hit the spam button and when it’s safe to click.
1. Urgency is a red flag.
Scammers know they can more likely separate you from your money if they act with haste. If something says it’s urgent and has to be paid right away to avoid legal trouble, it’s a good sign that it’s a scam. The police, IRS and other government organizations won’t send you an email saying you have to pay a fine otherwise you’ll be arrested. That’s not how they operate.
2. Check the sender’s name and underlying details
It may be obvious that you are not getting an email from a Nigerian prince, but other emails try to trick you by masking the sender. Spoofing is a process where email senders hide their real email address and information behind a fake name, which could be a company or a person. Clicking to see the full sender details and reply details could quickly unmask a cyber-criminal who landed in your inbox.
3. Pay attention to spelling and grammar.
Even if you didn’t get an A in Mrs. Smith’s English class when you were in school, you should do your best to remember those spelling and writing rules. Scammers don’t have the same review processes as legitimate businesses. Many scam emails are littered with spelling and grammar errors, a clear sign they’re not from a legitimate sender.
4. Check links before clicking.
A hyperlink might say it is taking you to a business or government website, but it could actually be sending you to a copy of that page made by an online criminal. Hover your mouse over a link to see the full destination at the bottom of the window. Addresses can be manipulated to look real, so pay close attention to the words right before “.gov” or “.com” in the link. Clicking a bad link could lead to the installation of spyware or viruses that attempt to steal personal and financial information. If something looks off, it probably is.
5. Open attachments with extreme caution.
If you get an email from a friend or relative with an out-of-character note telling you to open an attachment, don’t click! A file attachment from an email can be used to deliver and install potentially harmful software known as malware. Only open an attachment if you know what it is and that it’s from a legitimate sender.
Use Common Sense
It’s important to use common sense, as phishing schemes try to get you to drop your guard and act without thinking twice. Amid the coronavirus crisis, scams are as active as ever.
Remember: The police and companies you work with will never ask for your login information or passwords to websites. Your bank already has your Social Security number, so they won’t call or email to ask for it. And no real business or government will ask you to pay with prepaid gift cards or cash cards.
If something online seems suspicious or too good to be true, there’s probably a very good reason. From your email inbox to your web browser, follow your gut—and these five guidelines—and you will stay much safer online.