Sylvia from New York City writes:
I can usually recognize a phony request in an e-mail, which I then delete, but sometimes I receive an e-mail, for example, from the NY Times to do a survey. How can I be sure this is coming from the Times and not a phishing expedition? I will open the e-mail, but hesitate to click on a link, unless I’m sure, but don’t know how.
Great question, Sylvia. Truthfully, it’s a tricky business. But you’ve already got the most important thing down: you know to be on the lookout for things that don’t quite look right.
Phishing is when online scammers entice people to give away their personal information with e-mails or sites that mimic communications from sites that you know and trust.
One question to ask yourself is “Would I legitimately be getting a message from this site?” Take the New York Times survey e-mail. Do you subscribe to the New York Times? If it’s about a contest, did you enter that contest? If it’s about a product, is it a product that you’ve expressed interest in?
Watch out for anything that wants your name, username, address, phone number, password or PIN, bank account number, credit card number or Social Security Number. Your bank, a magazine you subscribe to, your credit card, etc. should already have your information. Be especially suspicious of e-mails that say they come from banks.
Watch out for a false sense of urgency. Anything that says you have to act right now should make you suspicious.
Legitimate websites will often have a security certificate, which you can see by typing their web address in with https:// instead of http://.
It’s difficult to tell with many links because sometimes they contain part of the name of a legitimate website. But that can be faked. One way to tell is to rest your mouse pointer on the link without clicking. Here, you can see that the link is actually not the same as the address; it’s leading to another site.
Microsoft advises users to watch out for the @ sign in web addresses. Your browser will ignore anything in an address that comes in front of the @ sign.
If you’re wondering if it’s a legitimate link, consider just typing what you know to actually be the web address into your address bar.
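The hover check and the @ sign warning can also be run over a message automatically. The script below is an added example, not part of the original column; it parses each link with the same URL rules a browser uses, and its function names and every address in it are constructed for illustration.

```javascript
// Added example. Every address here is a constructed sample; example.test is a
// reserved test domain, and the function names are hypothetical.
const sampleEmail = `
<a href="https://www.nytimes.com/survey">https://www.nytimes.com/survey</a>
<a href="http://survey.example.test/nyt">www.nytimes.com/survey</a>
<a href="https://www.nytimes.com@example.test/win">Claim your prize</a>`;

// Collect {href, text} for each anchor. A regex is enough for this sketch;
// a production mail filter would use a real HTML parser.
function extractLinks(html) {
  const re = /<a\s[^>]*href\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  return [...html.matchAll(re)].map((m) => ({
    href: m[1],
    text: m[2].replace(/<[^>]+>/g, "").trim(),
  }));
}

// Host the browser would actually contact, or null if the address won't parse.
function realHost(address) {
  try {
    return new URL(address).hostname;
  } catch {
    return null;
  }
}

function checkLink({ href, text }) {
  const host = realHost(href);
  if (host === null) return ["address does not parse"];
  const url = new URL(href);
  const warnings = [];
  if (url.protocol !== "https:") warnings.push("not https");
  // Anything before "@" is login info, not the site: the browser goes to `host`.
  if (url.username || url.password) warnings.push(`text before @ ignored, goes to ${host}`);
  // When the visible text is itself an address, it should name the same host.
  if (/^(https?:\/\/|www\.)/i.test(text)) {
    const shown = realHost(/^https?:\/\//i.test(text) ? text : `https://${text}`);
    if (shown !== null && shown !== host) warnings.push(`shows ${shown}, goes to ${host}`);
  }
  return warnings;
}

function auditEmail(html) {
  return extractLinks(html).map((link) => ({ href: link.href, warnings: checkLink(link) }));
}

for (const { href, warnings } of auditEmail(sampleEmail)) {
  console.log(href, "->", warnings.length ? warnings.join("; ") : "no warnings");
}
```

A link that passes these checks is not proven safe; the script only catches the two mismatches described above.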
It’s good to remember the old adage that if it sounds too good to be true, it probably is. It’s unlikely anyone is going to give you a free iPad for taking a survey.
Also, don’t hesitate to contact a company or organization to see if they’ve e-mailed you. Obviously, don’t reply to the suspicious e-mail, but you should be able to find contact information on the website of the business or organization.
Also, make sure your system’s security software is up-to-date. That way, if you do actually click on a malicious link, it may be able to block the attack. Don’t give any personal information away unless you know you are on the legitimate company website.
There’s no one answer except to keep your security up-to-date and to always be vigilant.