Who Sent This?
When teaching email and message safety, one aspect we focus on is ignoring messages when you don’t recognize the sender or have no prior context for the message. We do this to help our users avoid being phished–duped into providing private information or access to their online accounts or computer.
Phishing attempts will tempt you by appealing to your curiosity (“CONFIDENTIAL document”) or by using scare tactics (“Overdue Invoice”). Scammers hope that this curiosity or fright will cause you to ignore important details, such as the sender address, in the message. They will further try to draw you away from the sender address by using the name of a person or brand you recognize in the sender name field. After all, the scammer can put anything they want in the sender name field of an email account.
Identifying the Sender
What if someone doesn’t know how to evaluate the sender? Instead, they take what they see at face value. The Sender name field says “Payroll,” so it’s definitely from Payroll, right? Wrong. You must look at the email address (or handle if it’s not an email message) to determine if the message is from a known contact or company. On a computer, most email programs will have the email address in brackets such as in the animated GIF below. If the email does not display next to the name, you can hover or click on the name to see the address.
On a mobile device with limited screen space, you may have to tap the name in the mail app to see the sender’s address (see the GIF below).
When you receive a message from an unrecognized sender and there is no prior context (discussion, notification) for the message, delete it! The safest place for it is the trashcan. If you suspect it’s something you shouldn’t ignore, try to verify the information through other means:
- Identify the customer support phone number from a source other than the message and call them.
- Contact the person via a known contact number or find them in person and ask about it.
- Go to the website using a memorized URL or trusted search engine result and log in to your account to verify details.
Word of Caution
When money or valuable/confidential information is involved, always verify with the sender outside of the message before complying with a request. It’s not unheard of for a scammer to fake (spoof) a sender’s email address. Falling for a spoofed email can be devastating if, for example, you’re being asked to make purchases or send payment or confidential information.