You get a suspicious email. It addresses you by name, but the wording, which urges immediate action, is odd.
This may happen to you many times a week. Do you know what to do – and what not to do – with emails like this? Do you know what to tell your parents and kids and employees to do when they open these emails?
How to spot a suspicious email
Some scam emails can be very convincing, with brand logos and official language. Remember to pause anytime an email urges you to take immediate action that could reveal private information. Look for these warning signs of a scam email:
The sender name is vague and the sender’s email address is long or convoluted
The email’s subject line is attention-grabbing or alarmist
The email urges immediate action of some kind
An offer of a major discount is dangled
The email cites some pretense for seeking your personal information, including log-in information to a website.
The email urges you to click hyperlinked text without clarifying where you are clicking
“Many scams and phishing emails cite offers that are too good to be true,” says Alexej Savcin, an Avast malware analyst. “Or they try to trick users to quickly click on a link with language like ‘click to win’ or ‘see who’s watching you’.”
Once you have identified the email as part of a scam:
Don’t click on any attachments, which can install harmful malware.
Don’t click on any links, especially if the email urges you to go to a website and provide any information.
Do not reply to the suspicious email or use a phone number or other contact information in the email.
Look closely at the sender’s email address and any web addresses in the email for deviations from the official name of the business or sender.
If you are using your work email account, contact the IT team. They may want you to forward them the email but ask first.
If you are using personal email, and a message claims a business is urgently trying to reach you, you can call or reach out to the business by looking up contact information online or on an old bill. Do not use any contact information provided in the suspicious email.
Your personal email platform may allow you to report phishing. On Gmail there is a drop-down menu next to the reply button with that option.
You can also forward a phishing email to the U.S. Federal Trade Commission at email@example.com and firstname.lastname@example.org.
If you already replied to a suspicious email, clicked on an attachment or link, or provided personal information, tell your company’s IT team if you are at work or go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.
Get two-factor authentication on your email program, and consider changing your email password and any other related passwords.
If you’ve received any suspicious emails and have clicked on any links, input any user name or passwords, or given anyone control or access to your computer or accounts – give us a call or come by either of our stores and we can help you out.