Phishing emails often look authentic and can trick you into believing they are legitimate. It’s becoming more and more difficult to spot fraudulent emails, which may lead you into clicking on a link to a phony website or point you to a bogus login page, in order to steal your user name and password.

One of the most common methods to illicit a response from you is through an email that you likely have seen before, a shipment notification. Retail websites often promise fast shipping and offer to track your package. They send out emails confirming your purchase, letting you know your item has shipped, and will often email if there is any delay, plus a notice that the package is delivered. You may be so used to reading these notifications that you barely pay attention to the details anymore, such as the company’s email address. At least that is what the scammers are counting on.

What should you be checking in your email messages to prevent an attack by a phishing email?

  • See who sent you the email. Do you recognize the address and does it match previous messages from this person or company? If it does not, it could be a scam. One way to learn whether the email is safe is to call the company and ask if they sent you this email.
  • Why are you getting this email? If it is not from anyone you know, you are not expecting it, or it is from a company you do not recognize for an order you did not place, it is more likely than not a phishing attempt. Take the time to report it to company or organization impersonated in the email. Provide them with the details so they can alert other customers to the email scheme.
  • Does the email include an attachment? Shipment verifications usually have links to your account or the shipper’s tracking page but not file attachments. It is better not to open any file attachments but instead type the URL of the retail store in a new tab or browser window, navigate to your account, and from there track your package.
  • Be suspicious of URLs in the message that do not begin with ‘https’. The ‘s’ is for ‘secure’, meaning the communications between your browser and the website are encrypted. You especially want to see this on any webpage that has personal, financial, health care, or sensitive information including your shopping orders. If you want to open a link that is included in the email message, copy and paste it into a new tab or window. However, do not enter any of your personal information into a website that is not encrypted.

Phishing scams are widespread and you’ll likely receive many attempts to access your personal information. When you receive emails from retailers confirming your order and notifying you when it is shipped, watch out for messages that include:

  • The sender’s email address is not the same as the other emails you’ve received from the retailer. Or the email address doesn’t include the retailer’s name, has extra characters or numbers, or has a URL extension that doesn’t end in .com or .net. There are country extensions to show the origin of a business located in another country. Some examples are .uk (United Kingdom), .ro (Romania), or .ru (Russia). Unless you are doing business with another country, the sender’s email address and any of the emails URLs should not include such an extension.
  • There may be clues in the subject line as well. Those asking if you remember the sender, or saying there’s a problem with your account, your account is deactivated, or you must update your account to receive a refund, should all be considered as suspicious emails. Rather than clicking on any of the links, open the retail website in a separate tab or window and check your account information. Or you can call the company instead and ask if there are any problems with your account or if they need any information from you.
  • Links opening to a sign-in or login page where you need to enter your personal information, such as your name, address, phone number, email address. These pages were likely created by the scammers.
  • Messages that require you act immediately or your account will be closed or suspended. Retailers do not send these types of requests. Customer service may ask you to call to verify information but they will not send threatening emails requesting information.
  • Notices that your credit card or account has been accessed by an unauthorized person and you need to respond quickly. Or there are suspicious charges on your account and you need to go into the account and check it. There typically will be a link for you to use to take you to a bogus webpage, asking for your login information.
  • Emails that contain images that seem blurry or brand logos that are do not exactly match the ones you’ve seen in previous emails. Images that are copied and pasted into phishing emails lose some of their quality. Brands use consistent color schemes and fonts in their marketing materials but a phishing attempt may not be able to exactly duplicate these.

Being aware of phishing scams and taking the time to check your emails before opening them or clicking any of the messages links will help keep your personal information from being stolen. In addition to the above steps to avoid being scammed, install antivirus software on your computer. There are many options available in a range of prices, including many free versions.

Also, keep your software, operating system, and browser up-to-date. New versions are distributed to help prevent the newest methods used by phishing emails and malicious viruses.

Phishing scams are very sophisticated and even with the best intentions you may fall victim to one. So even after following all these steps, if you do accidently click on phishing link and enter your personal information, you should 1) update all your login names and passwords, 2) scan your computer using your anti-virus software, and 3) request a fraud alert be added to your credit report to help protect your personal information.

InfoSec Institute
Rated 4.3/5 based on 302 customer reviews.
InfoSec Resources