I got a suspicious email, what next?
If an email looks suspicious, don't risk your personal information by opening or responding to the message. Below are some suggested guidelines to help protect yourself against these threats when suspicious mail arrives in your mailbox. Consider the following best practices when using email:
• If you receive a phishing e-mail message, do not respond to it. Don't open junk mail at all.
• Approach links in email messages with caution - Links in phishing email messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an email message unless you are sure of the real target address, URL, or a valid sender.
• Approach images in an e-mail with caution - Just as a beacon within the oceans transmits a message or data back to a source, images within email messages (also known as “web beacons”) can be used to secretly send a message back to the sender. Spammers rely on information returned by these images to locate active e-mail addresses. Images can also contain harmful code and can be used to deliver a spammer's message in spite of filters.
• Don't trust the sender information in an e-mail message - Even if the email message appears to come from a particular sender that you know and trust, use the same precautions that you would use with any other email message. Spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated or was sent from a different source. This is a common practice of spammers and is one of the hardest to combat as there may be legitimate reasons to spoof an address.
• Don't enter personal or financial information into pop-up windows - One common phishing technique is to launch a fake pop-up window when someone clicks a link in a phishing e-mail message. To make the pop-up window look more convincing, it might be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information because there is no way to check the security certificate. Close pop-up windows by clicking the red X in the top right corner, as the "Cancel" button may not work as you'd expect.
These signs can help you identify phishing scams:
- The sender’s email address or phone number doesn’t match the name of the company that it claims to be from.
- The message was sent to an email address or phone number that is different from the one that you gave that company.
- The message starts with a generic greeting, like “Dear customer.” Most legitimate companies will include your name in their messages to you.
- A link appears to be legitimate but takes you to a website whose URL doesn’t match the address of the company’s website.
- The message looks significantly different from other messages that you’ve received from the company.
- The message requests personal information, like a credit card number or account password.
- The message is unsolicited and contains an attachment.
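Three of the checks above (a sender address that doesn't match the company, a link whose real target differs from the company's site, and remotely loaded images that can act as web beacons) can be run over a saved message without opening it in a mail client. The following Python is an added example, not part of the original guidance; `triage`, the sample message and the `example-bank.test` names are constructed for illustration, and the caller supplies the domain the message claims to come from.

```python
import email.policy, email.utils
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real one); .test is a reserved TLD.
SAMPLE = """\
From: Example Bank <support@examp1e-bank.test>
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/</a>
<img src="http://track.examp1e-bank.test/o.gif" width="1" height="1">
"""

class _Scan(HTMLParser):
    """Collect (visible text, href) pairs and remotely loaded images."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and (a.get("src") or "").lower().startswith(("http:", "https:")):
            self.images.append(a["src"])
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _under(host, domain):
    # True when host is the claimed domain itself or one of its subdomains.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, claimed_domain):
    """List the warning signs found in one raw message (hypothetical helper)."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    part = msg.get_body(preferencelist=("html", "plain"))
    scan = _Scan()
    scan.feed(part.get_content() if part else "")
    found = [] if _under(addr.rpartition("@")[2], claimed_domain) else [f"sender mismatch: {addr}"]
    for text, href in scan.links:
        u = urlsplit(href)
        if u.scheme in ("http", "https") and not _under(u.hostname, claimed_domain):
            found.append(f"link leaves claimed domain: {text!r} -> {href}")
    return found + [f"remote image (possible web beacon): {s}" for s in scan.images]
```

Calling `triage(SAMPLE, "example-bank.test")` reports all three signs; an empty list only means these particular checks found nothing, not that the message is safe.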