Identifying Fraudulent "phishing" email
"Phishing", also commonly known as "carding" or "spoofing", is an attempt to acquire sensitive and confidential information, such as email addresses, usernames, passwords, bank account information or credit card information, by masquerading as a legitimate and trustworthy entity.
To be on the safe side, follow the rule of never sending sensitive information such as usernames, passwords, credit card information or bank account details through email unless you are sure that the recipient is as legitimate as they claim to be. Most companies state in their policies that they will never ask their customers for sensitive information through email.
If you receive an email and are not sure whether it is valid, the tips below can help you determine its legitimacy.
To Find out who the email is really from:
To locate where a message originally came from, you will have to view the email headers. Follow the steps below to see the complete email headers.
- In Yahoo, you can find the option to view the email header under the Actions option.
- In Gmail, if you received the actual email (not a forwarded copy), open the email and select "Show Original" from the menu on the right side. A new window opens with the raw email data and the full header (showing the email's origin and routing IPs).
- To view the internet headers in Outlook:
  - Method #1: Right-click the message in the folder view, then choose Options.
  - Method #2: In an open message, choose View | Options.
A typical email header will display several lines beginning with "Received." Note the last "Received" line; it will look something like this:
Received from genericname.org (125.286.259.192)
If the "Received from" information does not match the email address of the sender or of the company being represented in the email, this usually means that the message did not truly come from that individual or company.
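The header check described above, as an added Python example that is not part of the original page: it reads the last "Received" line of a raw message and compares its host with the domain of the From address. The sample message, the bigbank.example names and the two-label domain comparison are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (hosts and addresses are made up for the example).
SAMPLE = """\
Received: from mx.mailhost.example (mx.mailhost.example [198.51.100.7])
\tby inbox.recipient.example; Mon, 1 Jan 2024 10:00:05 +0000
Received: from genericname.org (unknown [192.0.2.10])
\tby mx.mailhost.example; Mon, 1 Jan 2024 10:00:01 +0000
From: "Big Bank" <support@bigbank.example>
To: katty335@recipient.example
Subject: Verify your account

Dear valued customer, please confirm your details.
"""

def base_domain(host):
    # Assumption: the last two labels identify the organisation.
    # This is wrong for multi-part suffixes such as co.uk.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def origin_check(raw):
    """Compare the host in the last Received line with the From domain."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []   # top-to-bottom order
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = base_domain(addr.rpartition("@")[2])
    origin_host = None
    if received:
        # The last Received line in the header is the first hop of the message.
        m = re.match(r"\s*from\s+([^\s(;]+)", received[-1], re.I)
        if m:
            origin_host = m.group(1).lower()
    match = origin_host is not None and base_domain(origin_host) == from_domain
    return {"from_domain": from_domain, "origin_host": origin_host, "match": match}

if __name__ == "__main__":
    print(origin_check(SAMPLE))
```

The earliest "Received" lines are written by servers outside the recipient's control, so a match is weaker evidence than a mismatch.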
Be cautious of links in the email:
The most common phishing technique is to send emails containing links that look like legitimate links but are not. On close inspection, the link will actually take you to a website that has nothing to do with the company the email is supposed to be coming from. The resulting website may also look similar to that of the company the email pretends to be sent from.
Mail programs can also help you identify these types of links. Simply put your mouse over a link in the email, making sure you don't click it, and a pop-up will appear showing the actual URL the link will take you to. For an example, see the image below.
This clearly shows that the visible link and the real link do not match. If this is the case, it is a clear indication that this is a phishing email.
To check that the website you're accessing is legitimate:
If you think the URL is legitimate and authentic and you have clicked on it, you can still check the authenticity of the website. Browsers like Safari 4, Firefox 3.5, and Internet Explorer 8 show the company name in green only if the website has an Extended Validation (EV) Certificate or SSL certificate, which shows it is a legitimate and authentic business website.
Note the email greeting
Phishing emails usually start with generic phrases like "Dear valued customer" or with your email account name, such as "Dear katty335," instead of your first name ("Dear Katherine", for example). Many authentic companies use your first name in their correspondence because they have all your details in their records (if you've already shopped with them before).
The message arrived at a different email address than the one you gave the sender
If the sender sent the message to an email address that you did not give when dealing with that company, this is also an indication that the message is not authentic. You can verify which email ID the company has in its records by visiting its website, but make sure that you visit the original website.
Keep previous history in mind
If you have had previous dealings with a company, you can compare the message you have doubts about with them. If you have had no previous interactions with a company and you receive an email requesting account information or some confidential detail, it might be an attempt at phishing. Again, make sure that you do not send any confidential information through email if you have any doubts or second thoughts.
Never provide personal account information through email
If you receive an unsolicited email asking for personal or confidential information, do not provide any information without checking in person with the company that is asking for it. Do not open any links in the message and do not reply to it. Instead, to cross-verify, visit the company's original website and find contact information for contacting the company about the issue. Most companies appreciate being notified of these kinds of fraudulent attempts.
Be cautious of attachments
If you receive an attachment by email that is not trustworthy, do not open it. First contact the company directly to verify the contents of the attachment.