Email continues to be one of the most common avenues intruders and phishing activists use to try and gain account information. It can be difficult to detect legitimate messages, but here are some general things to look for:
- If you are ever asked to log in to a site to verify personal information, never click on the link in the email. Always go directly to the web site of the vendor instead. For example, if you receive an unexpected message to reset your banking password, do not click on the link in the email. Instead, go to your bank's website.
- Don't open attachments you are unsure of.
- Watch for spelling and grammar errors. Phishing scams are often poorly written.
- Don't respond to requests to send money to someone.
- Check the email address. In Gmail, if you hover your mouse over the sending address, you should see a popup with a name and email address. If the email address looks strange, it is bogus. (This is not 100% effective as phishers have found ways to spoof valid email addresses.)
- Look for oddities in the signature. If someone normally signs with only their first name and their complete name is shown, that may be a bogus message. The same may be true if you receive an email from a business with very little contact info.
As always, if you doubt or have concerns about an email, it is best to contact the sender directly.