We learned in the first part of our email safety series that phishing email scams are aimed at stealing your personal information, infecting your computer, and stealing your money. With these dangerous outcomes on the line, it’s important to hone our phishing detection skills. Today, we will focus on evaluating the sender.

Identifying the Sender

Phishing messages will tempt you by appealing to your curiosity (“SENSITIVE: Salary Information”) or by using scare tactics (“Overdraft Notice”). Scammers hope that this curiosity or fright will cause you to ignore important details—like the sender’s email address—in the message. Another way the scammer will try to draw you away from the sender address field is by using the name of a person or brand or department you recognize in the sender name field.

So why does the scammer want to draw you away from the sender’s email address? Because it’s key in determining the validity and safety of an email. You MUST look at the email address (or handle, if it’s not an email message) to determine if the message is from a known contact or company. On a computer, most email programs will have the email address in brackets such as in the animated GIF below. If the email does not display next to the name, you can hover or click on the name to see the address.

On a mobile device with limited screen space, you may have to tap the name in the mail app to see the sender’s address (see the GIF below).

Unrecognized Senders

When you receive a message from an unrecognized sender and there is no prior context (discussion, notification) for the message, delete it! The safest place for it is the trash. If you suspect the message is something you shouldn’t ignore, try to verify the information through other means:

1. Identify the customer support phone number from a source other than the message and call them.
2. Contact the sender via a known contact number or find them in person and ask about it.
3. Go to the website using a memorized URL or trusted search engine result and log in to your account to verify details.

Next Steps

Verifying the sender’s email address can help you weed out dangerous emails, but it’s not a green light to click a link or attachment, or provide any personal information just yet. It is possible for a scammer to fake (spoof) a sender’s email address. Falling for a spoofed email can be devastating if, for example, you’re being asked to make purchases or send payment or confidential information.

Before you take action, you’ll need to ask yourself: Was this email expected? More on that next week!