So, have you heard of this thing called email fishing? I'll give you a definition, but first let me show you an example.
A customer of ours sent me this email recently and asked what to do with it. Read the email out loud.
Email fishing is an attempt to steal your personal information.
In the case above had my customer followed the link provided they would have been taken to a page that asked them to enter their login information. That page however wasn't owned by CenturyLink, it was owned by the thief. If my customer had followed the instructions the thief would have:
- hijacked their email account.
- Used it to send spam by impersonating my customer.
- Potentially read email stored on the server to find further personal information like bank account numbers.
How do you know which is which?
Let's start with the obvious, the language. I purposely pasted the email into Word so that it would highlight the spelling mistakes and bad grammar. Then I asked you to read it out loud to further make my point. Why would any reputable company send a form letter out with such glaring grammar errors, particularly when it's so easy these days to have a program like Word point out your mistakes and correct them? The answer is, they wouldn't.
This is very common with fishing emails though because the thieves tend to be in non-English speaking countries. They either don't have the skills to translate into English or are using a poor language translation software. Bottom line, if the email has really bad grammar, 99.999% chance it was a thief who sent it.
The next way to spot fishing is much more subtle. Look at the link they thief is asking my customer to click on. If you aren't sure about something like this, hover your mouse over the link. You'll get a tiny popup that shows you where you'll be taken if you click that link. Here's an example.
If you read your email in a web browser (Internet Explorer, Google Chrome, Firefox for example) you may have to look at the status bar at the bottom of the window to see this.
I've drawn a red box around the portion of the link to be concerned about (the characters between "http://" and the next "/". If this link were legitimate, that section would have the company name in it. For instance, this website is:
If you hover over that link it will show you my company name in that space. Now do the same thing with this link:
See the difference? Both links look the same, but if you click on the second you would be taken to FooledYou.com. Not good!
Bottom line, if you aren't 100% sure the email is real, don't click on anything. Send another email to the company and ask them if they would have sent you that email.