Thursday, September 1, 2016

How to Tell if an Email is Real or Fake

By: David Schuchman
     
Princeton Technology Advisors, LLC
      Innovative Solutions for Your Growing Business



Fake emails, also called "spoof" or "phishing" emails, try to look like they are from real companies or people you know. They are a common way criminals use to steal your personal or financial information, such as bank account details, credit card information, passwords, etc. Fake emails often link to fake ("spoof") websites where your information can be collected as you type it. So, be very cautious!

Here are some ways to determine that the email you received is a "spoof":
Fake Sender's Email Address
You can check who sent the email by looking at the sender's address. For example, the message may say it’s from "South Bank", but the email address may be something unusual like "southbank_support@hotmail.com". A reliable company's email should not be using a public internet service provider account like Hotmail, Gmail, Yahoo!, etc. Typically, real companies have their own domains. So, you should expect the email address to look something like "support@southbank.com".

Requesting Private Information
Companies contacting you will not ask via email for your private information. Be very suspicious of emails requesting your social security number, account number, security code, personal identification number (PIN) or other sensitive information.

Not Addressed to You
A legitimate email from a business with whom you have a relationship will address you by name rather than as “Valued Customer” (or something similar). Since a reliable business likely has a customer file with your contact information, they will address you directly.

Typos
Emails which have misspellings or grammatical errors, or grammar that indicates they are not properly formatted for the language in which they are written, are additional signs that the message is a fake.

Incorrect Links
Some email message will make a request for you to click on a link (e.g. View your account statement here). Hover your mouse over the link to see the content of the link. Similar to "Fake Sender's Email Address" above, the link should have the company's URL in the beginning of the link (e.g. "www.southbank.com/customer/statement.aspx"). Don't click on a suspicious link. Clicking on a fake link will likely allow a hacker access to you computer and stored information, or will download malware to your computer.

Low Resolution Images
Another tip-off to a fake email message is poor image quality of the company’s logo or other images in the message.

What if the Sender is Someone you Know?
Spoof emails from people you know usually ask you for you to do something that a friend might not ask you to do, such as to click on a link to an unusual website. Sometimes, you will see that the "friend" sent the email to a number of email addresses in the "To" box. In this case, it is likely that your friend was "spoofed", which is causing that email account to contact you.


When you suspect you received a fake email from a company with whom you do business, call that company's customer service department. Ask them about the content of the message. If the message is legitimate, the customer service department should be able to assist you with the message request. If the message is not legitimate, delete it right away.

When you suspect you received a fake email from a somebody you know, send that person a separate, new email asking if they sent the prior message you received. Do not reply via the suspected message which may (or may not) be sent to them. If the person replies that the message is not legitimate, delete it right away.