How to Spot a Phishing Email

Phishing is one of the most prevalent identity theft scams you’ll encounter on the web. It’s estimated that about 75 to 150 million phishing emails are sent out daily. Learn how to recognize them so you don’t fall victim to this common scam.

It starts with opening the email message. As soon as you open a message, you should begin to notice that some things aren't quite right. For example, this message is from a well-known banking institution--Capital One. Most banking institutions today don't send emails requesting customers to click on links or provide information.

Legitimate institutions that send out emails to their customers usually send them from an email address that’s associated with their web site. In this message, the email address ends with @online.com. That’s your first clue that this might be a phishing email, because the message claims to be from Capital One.

Phishers – the criminals who send out emails trying to capture your personal information – use any means necessary to get you to respond, and that includes marking email messages Urgent.

All phishing emails have one thing in common: links that don’t lead where they appear to. Looking at the link in this email message, it appears to lead to onlinebanking.capitalone.com.

One way to tell if what you see is really where you’ll end up is to place your pointer over the link. (But don’t click it!) A pop-up window like the one shown in the image above should appear with the actual URL attached to the link. In phishing emails, this address rarely matches what’s displayed in the email.

A very common tactic that phishers use is telling email recipients that ‘regular maintenance’ turned up an account error of some type. Don’t fall for this!

If your credit card provider or banking institution finds errors in your account, you will most likely receive a letter in the mail explaining the situation. On rare occasions, you might receive a phone call, but even that isn’t likely to happen because of the risks to the creditor or banks that are involved.

Like marking a message urgent or high-priority, another trick that phishers use is to play on your sense of vulnerability. “Confirm your account now to stop fraudulent activity.” Bad move.

Confirming your account usually means providing all of the identifying information that a criminal needs to gain control of the count. When in doubt, call the number on your credit card or banking statement.

Have you ever seen a piece of mail from your credit card company or bank that included misspellings? Probably not. That’s because those companies pay big money for someone to proof everything that goes out to customers.

So why would those companies send out email messages that included misspellings and punctuation errors? They won’t. Errors of this kind are sure indicators that an amateur is trying to steal your identity.