Phishing emails: How to protect yourself

Image of fishhook hooking an @ symbol above a white computer keyboard

Be on the alert for phishing scams that aim to hook your personal information

You have probably heard about phishing scams – fraudulent emails designed to rob you of sensitive data. Because phishing is one of the most widespread forms of cybercrime, it’s important to learn how to recognize these scams so you don’t get caught in the net.

What does phishing mean?

“Phishing” is a scam in which cybercriminals pretending to be from a reputable company send emails to try to trick you into revealing personal information, like login credentials or credit card numbers, or into installing malware on your device.

What does a phishing email look like?

A phishing email will try to imitate a message from a trusted sender, like your bank or credit card company, or a well-known online retailer or social media site. They will either contain malicious attachments designed to install malware (like a virus or spyware) on your computer when opened, or links to fraudulent websites designed to trick you into revealing your password or other personal data.

Email scammers have some favorite tricks to try to get you to open the infected attachment or click the fake link, like:
  • Saying there’s a problem with your account or your payment information
  • Sending you a fake invoice and claiming it’s overdue
  • Telling you you’re eligible for a government benefit, like COVID relief payments
  • Requesting that you contribute to a charity, especially around the holidays
  • Claiming you won a prize or sending you a coupon
What do all these fraudulent emails have in common? They come unprompted or unsolicited by you, and they try to create a sense of urgency that immediate action is required on your part.

How to avoid phishing scams

When you receive an email that asks you to click on a link or open an attachment, you should proceed carefully. Always be suspicious of “urgent” emails that pressure you for an immediate response. Don’t open attachments unless they are expected and come from a trusted source. Emails that contain spelling and grammatical mistakes should also be treated with caution. When in doubt, call the sender by phone – never reply to the suspicious message. Or go directly to the homepage of the institution or company and log in there instead of using the link in the email.

How to identify phishing links and fake sender addresses

When it comes to emails requesting security information like account names or passwords, it pays to be vigilant and check before you click. For example, phishing emails will often claim to be from a reputable company like Amazon or Paypal and contain fake sender information designed to trick you. However, if you hover with your mouse over the display name in the “From” line, the email address that pops up will often reveal that the email is a fake, containing misspellings, strings of numbers, or a different domain name entirely.

Another favorite trick of online scammers is using faked links in phishing emails to get your user data or to install malware on your device. If you take the bait and click the link, it’s often already too late. So take a moment to examine any links before you click on them. To see a link embedded in a text, simply hover over it with your mouse and it will appear in the lower corner of your browser window. There are often clues in this link that reveal that it is not the real thing. For example, if at the start of the link you see “http”  instead of “https,“ this means the site is not SSL encrypted – which means it is not a secure website and therefore probably not the homepage of your bank or a major national retailer. You should also look carefully for small changes or errors in the domain name – like “mall.com” instead of “mail.com” – or a different ending, like “mail.net”.

What to do if you suspect phishing

If you realize an email is a phishing attack, move it to your Spam folder so your spam filter will recognize emails from that sender as spam automatically next time. If you think you may have clicked on a link or opened an attachment that downloaded harmful software, make sure your computer’s security software is up to date, then run a virus scan. After that, you should change any affected passwords.

You can also report suspected scams to your email provider – in the case of mail.com, please use our contact form. Many countries also have government agencies where you can report email scams, for example the Federal Trade Commission (FTC) in the United States.

Did you find this post helpful? We look forward to your feedback below!

Image: 1&1/Shutterstock
 

Posted in

Phishing Security Spam

32 people found this article helpful.

Related articles

How do I know it’s spam?

Man viewed from behind looking at email icons in air
Not sure which emails are spam? Our checklist can help.

Spam is one of the things people like least about email. Sometimes it is annoying but harmless – like  bulk advertising. Much worse are the spam emails that try to trick you into scams or contain computer viruses. Luckily, today’s spam blockers keep a large share of such messages from reaching your inbox. You can also help keep yourself safe by learning to identify the most common types of spam. more
32 people found this article helpful.

But it’s not spam!

Hand pointing at floating red and blue email icons
Stop legitimate emails from being marked as spam
Spam is one of the things people hate most about email. So email providers like mail.com have developed extremely effective systems to block spam emails. The downside, however, is that legitimate emails can be blocked or land in your spam folder. Luckily there are a few tricks you can use to make sure you receive important messages – and to stop your outgoing messages from being marked as spam. more

Posted in

Spam Spam filter Email
16 people found this article helpful.

How do I know if my email has been hacked?

Person wearing hoodie types on laptop while looking at screen with the words Hacker Attack

What happens if your email has been hacked?

How do you know if your email has been hacked or comprised? And if it happens, how can you block cybercriminals and regain control of your account? Discover the most common signs of a hacker attack and what to do about them. more

Posted in

Email Inbox Security
22 people found this article helpful.

Checklist: your personal mail.com settings

Man typing on computer keyboard with word "Password?" appearing over his head
Forgot your password? Saved contact information speeds up the password recovery process
Is your email account as secure as it can be? You can help keep things safe through your personal settings. The personal data associated with your mail.com account can be found on the Home page of your mailbox under "My Account." This is where you go to enter a cell phone number so you can quickly recover your password. Or change your password if you think the old one is no longer secure. But there are a few more things you can do to boost the security of your email. Let’s take a look – we promise, it will only take a few minutes, and it could save you a lot of trouble down the road. more

Posted in

Inbox Security Password
45 people found this article helpful.

2FA? OTP? Why do I need an app for that?

One hand holding smartphone while other hand types on laptop keyboard
The authenicator app on your smartphone generates a one-time code for the 2FA login

Two-factor authentication (2FA) is about boosting your inbox security by adding a second verification step to your email login process. And this second factor is a six-digit security code that you not only use to activate two-factor authentication, but also to log in once 2FA has been set up. This security code is also called an “OTP,” and it’s generated by an app that you install on your smartphone.

more

Posted in

App Password Security 2FA
16 people found this article helpful.

How secure is my password?

Metal lock on laptop keyboard
A strong password is like a lock protecting your email account
“Better safe than sorry” may be an old saying, but when it comes to your email password, it definitely still holds true. Because if an unauthorized person gains access to your email account, it can have serious consequences. more

Posted in

Security Password
19 people found this article helpful.

Why does mail.com want my address?

Female customer support agent wearing headset and talking to customer
If you contact customer support, your address is one way to verify your identity
When you signed up for your mail.com account, you might have asked yourself why we asked for your postal address. Are they going to send me advertising by snail mail? Give my address to third parties? Of course not! There’s a simple explanation, and it has to do with security. Hopefully this post will clear up the mystery of what we use your contact information for – and why you shouldn’t simply enter a fake address. more

Posted in

Security Password
21 people found this article helpful.

mail.com updates its email service with two-factor authentication and new spam recognition technology

Two-factor authentication is now available to all mail.com users worldwide. The security feature provides additional protection both to the mailbox and to the cloud. With active two-factor authentication, account data is safe from unauthorized access, even if the account password is lost or compromised. To log in, users who activate two-factor authentication in their account settings will be required to enter not only their personal password, but also a temporary 6-digit one-time code generated by an authentication app on their smartphone. more
18 people found this article helpful.