Beware of phishing emails: New risks in 2022

Have you recently gotten an email asking you to enter your mail.com password or your account will be deactivated? Or received a request to log in to consent to changes in a company’s terms of use? Warning: These messages are examples of a kind of email scam known as “phishing”.
Because there are a lot of phishing mails circulating these days, here’s a refresher in how to protect yourself.
Phishing can have dangerous consequences, ranging from hacking of your online accounts to identity theft. So it’s worth taking a few moments to learn how to identify a phishing email in case one makes its way into your inbox.  

What is phishing again?

A phishing scam is when people receive fraudulent messages (mostly email, but sometimes texts) claiming to be from a trusted sender. The aim of such messages is to trick them into revealing personal data, clicking a fraudulent link, or installing computer viruses on their device. For more information, you can check out our explainer on phishing.

Fake mail.com emails

In some cases, online scammers have sent out fake messages claiming to be from mail.com in order to steal email login data. Recent examples have been a fake warning that the user’s email account will soon be deactivated, and a request to agree to an update in the mail.com Terms & Conditions. In many cases, these messages come from a sender that is not using a @mail.com address, e.g. @gmail.com or @yahoo.com. The fraudulent messages usually contain a link to a fake login window that asks for the username and password. Once the scammer has gained access to the account in question with the stolen login credentials, they can change the password so the legitimate user can no longer access it.

Important: mail.com will never send a customer an email asking for their password. If you have received such an email claiming to be from mail.com, do not click any links or provide any login information. If you wish, you can check the authenticity of the email on our postmaster page or report phishing incidents to us using our postmaster form. Keep reading for more information on identifying phishing emails.

More phishing scams in 2022

Some things never change, even when it comes to cybercrime. For example, scammers love to take advantage of a crisis. In addition to the Covid-related email scams that have been circulating since 2020, fake emails soliciting aid donations for Ukraine have also been spotted since March 2022. Experts have also identified a rise in cryptocurrency phishing scams, which follow the usual pattern of trying to trick you into giving out personal information – in this case, including the key to your digital wallet. However, most of the phishing scams in 2022 follow a familiar pattern – fake emails that look like they come from a well-known company or government institution.

Content of phishing messages

A phishing email will usually come from a faked sender address and have a look and feel that imitates the real company or institution it claims to be from, including logos and brand colors. Favorite subjects for these fake messages have included:
  • New or updated terms and conditions
  • A security breach or other problem with your online account
  • Delivery or package tracking
  • Problems with invoices or overdue payments
  • Tax-related issues
In all the above cases, the phishing email will contain a link or an input field for you to interact with. For example, you might be asked to click a link to view a change to the company’s terms of use, enter your online banking information to complete a transaction that supposedly failed to go through, or pay additional postage so your package will be delivered. Often the phishing email will try to create a sense of urgency by asking you to take immediate action.

How to avoid phishing risks

There are a few things you can do to lower the risk of being caught in a phishing scam:
  1. Never enter your personal data in response to a request in an email. If you think a request may be legitimate, contact the company or institution directly and/or log in to your account through the usual login process.
  2. Check the email’s sender address by moving the cursor over the address. This will display the complete email address so you can see if it actually belongs to the real company. A fake address will likely have a completely different name or contain letters or special characters in addition to the real-sounding name (e.g. amazon1.com instead of amazon.com).
  3. The same principle applies to links or buttons in the email – you can mouse over the link to see the URL behind it. Fake website addresses will also often contain misspellings, extra characters, or a different company name entirely.
If you think you have accidentally clicked on a harmful link or attachment in a phishing email, you should immediately run a virus scan to make sure no malware has been installed on your device. If you believe you have entered your login data on a phishing site, you should change any affected passwords right away. If you cannot log in to the affected account, contact the provider immediately to report what has happened.

We hope this refresher on phishing will help keep you safe online. You may also be interested in looking at all our posts about phishing here.

And as always, we look forward to your feedback!
