How to Spot a Phishing Email

It starts with opening the email message. As soon as you open a message, you should begin to notice that some things aren't quite right. For example, the message in this item looks to be from a well-known banking institution—Capital One. Most banking institutions, however, don't send emails requesting customers to click on links or provide information.

Legitimate institutions that send email to their customers usually send them from an email address that’s associated with their website. In this message, the email address ends with ​​"@online.com." That’s your first clue that this might be a phishing email because the message claims to be from Capital One, which would probably have an email address ending with "@capitalone.com."

Phishers—the criminals who send emails trying to capture your personal information—use any means necessary to get you to respond, and that includes falsely marking email messages "Urgent."

All phishing emails have one thing in common: links that don’t lead where they appear to. Looking at the link in this email message, it appears to lead to ​"onlinebanking.capitalone.com."

One way to tell if what you see is really where you’ll end up is to place your pointer over the link—but don't click it! A pop-up window like the one shown in the image above should appear with the real URL attached to the link. In phishing emails, this address rarely matches what’s displayed in the email.

A common tactic used by phishers is telling email recipients that "regular maintenance" turned up an account error of some type. Don’t fall for this.

If your credit card provider or banking institution finds errors in your account, you will most likely receive a letter in the mail explaining the situation. On rare occasions, you might receive a phone call, but even that isn’t likely to happen because of the risks to the creditor or banks that are involved.

Like marking a message "urgent" or "high-priority," another trick that phishers use is to play on your sense of vulnerability—for example, “Confirm your account now to stop fraudulent activity.” Bad move.

Confirming your account usually means providing all of the identifying information that a criminal needs to gain control of the account. When in doubt, call the number on your credit card or banking statement.

Have you ever seen a piece of mail from your credit card company or bank that included misspellings? Probably not. That’s because those companies pay big money for someone to proofread everything that goes out to customers.

So why would those companies send out email messages that included misspellings and punctuation errors? They wouldn't. Errors of this kind are easy to spot and are sure indicators that an amateur is trying to steal your identity.