r7 - 05 Jun 2007 - 21:45:12 - JeffersonCowart

Is this e-mail message I just got legitimate or fake?

It has become common to see one's inbox filled with convincingly official e-mails asking the recipient to "reregister," "update information," or "renew" their account with some organization. In the process, you will be prompted to supply some important personal information, such as a Social Security Number (SSN) or credit card number. This is the basis for most identity theft.

These mass e-mail frauds are now known as phishing scams.

How can I tell if an e-mail is legitimate or a phishing ploy?

There are a few things to look out for:

  • Be instantly suspicious of anything requiring you to supply any kind of personal information. If the organization in question needs that information, they should already have it. If they've "lost it" or otherwise need it because of reorganization, then they don't deserve to have it in the first place.

  • Do NOT click any links inside suspicious e-mails. For example, check out this snippet from an e-mail I got recently:
    [Screenshot: phishing.PNG]
    Notice that the link looks like it's going to a site at http://www.ncua.gov, a legitimate government institution. However, if we look closer (right click on the link > Properties), we find that it's actually linking to...well, we don't really know. It's just an IP address (200.60.235.177), which turns out to be the location of a site designed to scam you out of your account number, SSN, and PIN.

  • A legitimate e-mail should NEVER ask you to open an attachment, especially if that attachment is an executable file.

  • Don't trust From: lines, since these can be faked fairly easily. Just because webmaster@pomona.edu is e-mailing you, it doesn't mean he/she is actually from Pomona.

When in doubt:

  • Try visiting the website that the e-mail supposedly came from. They will usually have posted some fraud warning.
    • When doing this, manually type in the URL. DO NOT simply click a link in the e-mail.
  • Google keywords from the e-mail along with "phishing" or "scam."
  • Try looking for your e-mail message on the antiphishing.org blacklist, which has a list of popular phishing e-mails.
    • Note: This list is nowhere near complete. There are so many phishing e-mails that there is no way a single site could keep up.
 