In an effort to keep our members informed of current online security threats, we wanted to remind you about a continuing trend we’re seeing from scammers who are impersonating large businesses and government agencies through email and phone calls. These suspicious phishing emails are circulating inboxes in an attempt to gain access to personal and secure business networks. This is something you should be very careful about for both your personal and work email accounts and as always, when answering calls from unknown numbers.
We’ve put together the top red flags to look for when evaluating whether an email is legitimate or potentially fraudulent.Who is the actual sender?
This may sound like an easy thing to determine, but this is the top way scammers are able to dupe their victims. Unfortunately, it is pretty easy to set up an email to look like it is coming from “Amazon.com.” However, the actual “email@example.com” email address is what you should actually be double-checking. Looking at the image below, you can see that the actual email address has nothing to do with Amazon – big red flag!
Is there a “To” address (i.e. your email address)?
This may or may not be the case, but a lot of times, these scammers are sending emails to hundreds or thousands of victims to increase their chances of someone taking the bait. Some are more sophisticated about it, but sometimes, they hide the “To” email addresses, which is a dead giveaway that it is not a legitimate email. A business that sends you an email will include your email address.
Another way to tell if an email is a phishing attempt is to hover over (DO NOT CLICK!) the links or URLs to see what pops up. Please see the images below as examples of this tactic. As you’ll see, the written out links in the email make it look like you will be taken to the Amazon website, but when hovered over, the URL actually programmed into the email is completely different. Clicking on the links could lead to any number of problems, including infecting your computer with spyware, trying to access the network you’re connected to and much more.
- "Do I have an account with this company?"
- If I have an account with this company, does it use this specific email address or phone number? (i.e. Do you have an Amazon account with your work email address?)
- If I have an account using this email address or phone number, did I recently place an order?"
Helpful tips if you receive a suspicious email:
- Never open attachments or click on any links from unknown senders.
- Hover over the link(s) with your mouse to see if the link points to a legitimate address.
- Never enter your sensitive information in an untrusted site or pop-up window.
- Do not reply.