Many computer viruses, malware, ransomware, and other unwanted software get installed because someone opens an email attachment or clicks on a link that they think is legitimate. Often, the email seems to come from a bank or a common website like Amazon or eBay, and it tells you that you need to click on a link to fix a problem with your account or look at an attached bill to avoid additional fees.
It is vitally important to be able to differentiate between legitimate emails and those that only appear to be legitimate. Here are 2 easy steps that you can take when you get an unsolicited email that tries to get you to click on a link or open an attachment:
Don’t Click On Links in Unsolicited Emails
If the email contains a link to go to your account, view a message from the website, pay your bill, etc. DON’T click on the link. Rather, open your web browser and type in the website directly. Then log in and see if there is a message waiting for you. Never trust a link in an unsolicited email because there are many ways to trick you into thinking that it is a valid link when it is not.
Also, if it is not a legitimate email, often the link will contain tracking information so the sender would know that you read and responded to that email. Armed with this information, the sender can continue to send you similar emails in the hopes that you will trip up once and fall into their clutches.
Check the Actual Email Address
Most email programs or web-based email systems only show you the name associated with the email address. For instance, you will see Bob Smith as the sender and his email address email@example.com will not be visible. This allows a malicious email sender to disguise their true identity. For instance, here is one that I pulled out of my Spam folder: PayPal Security Team <firstname.lastname@example.org> – the real email address appears between the < and >. The name that you see as the sender is PayPal Security Team, but the real email address is email@example.com. A legitimate email from PayPal should be from …@paypal.com not …@payservices.net. So, before clicking a link (which you hopefully won’t do) or downloading a document, verify that the email address matches the claimed sender.
Another trick is to put a fake email address in the name field so that it appears in the sender column to be a legitimate email address. For instance, the fake PayPal sender could have used firstname.lastname@example.org <email@example.com> as an email address with a name that looks like an email address. Most email applications or web-based email systems will display the firstname.lastname@example.org part and you could be fooled into thinking that the sender was legitimate. Don’t forget that the real email address is between the < and >, so the real address is email@example.com but the malicious sender hopes that you won’t notice.
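The two sender tricks described above can also be checked automatically. The following is an added example, not part of the original post: it parses the From line and warns when the visible name and the real address disagree. The sample headers, the local parts such as alerts@ and notice@, and the brand-to-domain list are constructed for illustration, and the look-alike subdomain case goes one step beyond the two tricks in the text.

```python
import re
from email.utils import parseaddr

# Assumed brand-to-domain list for illustration; extend it for your own senders.
BRAND_DOMAINS = {"paypal": "paypal.com", "amazon": "amazon.com", "ebay": "ebay.com"}
# Something that looks like an email address inside the display name.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def domain_of(addr):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def matches(domain, expected):
    # Exact match or a true subdomain; "paypal.com.payservices.net" does not match.
    return domain == expected or domain.endswith("." + expected)

def check_from(header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(header)  # name = what you see, addr = what is between < and >
    real = domain_of(addr)
    if not real:
        return ["no parseable address"]
    warnings = []
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0).lower() != addr.lower():
        warnings.append(f"display name shows {shown.group(0)} but real address is {addr}")
    for brand, expected in BRAND_DOMAINS.items():
        if brand in name.lower() and not matches(real, expected):
            warnings.append(f"name mentions {brand} but domain is {real}")
    return warnings

# Constructed sample headers (not real messages).
SAMPLES = [
    "PayPal Security Team <alerts@payservices.net>",   # brand name, wrong domain
    '"notice@paypal.com" <alerts@payservices.net>',    # address used as the name
    "PayPal <notice@paypal.com.payservices.net>",      # look-alike subdomain
    "PayPal <notice@paypal.com>",                      # name and domain agree
    "Bob Smith <bob@example.com>",                     # no brand claimed
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "no mismatch found")
```

An empty result only means the visible name and the real address agree; it does not prove that the address itself was not forged.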
Here is how to see the full email address for some email platforms:
To see the real email address in Gmail, simply move your mouse over the name of the sender and leave it hovering there for a few seconds. The complete email address then pops up underneath like this:
The real email address is displayed between < and > above the message like this:
The real email address is displayed between < and > in the header above the actual message like this:
Other Email Systems
Most email systems will show you the real email address above the message itself, similar to Outlook Web and Thunderbird, or by holding your mouse over the sender name, like Gmail. If you have problems finding the real email address, you can search for “see actual email address in …” where … is your email system. That is exactly what I would do if you asked me the question.
On a smartphone
I highly recommend not even opening suspicious emails on your phone. Just opening an email may send information to the sender letting them know that you got the email and are reading it. It is best to leave these emails unread until you can open them on your computer.
The 2 suggestions mentioned in this post will help you catch a lot of illegitimate emails that are trying to trick you into clicking on a link or downloading a malicious document or software. There are many other things that you could look for, but I wanted to share a couple of simple concepts that could prevent you from falling into common traps.
Please be paranoid about unsolicited emails about accounts, bills, fees, collections, or even security-related emails that look like they come from a popular website. If you are not sure if something is legitimate, be cautious. Getting rid of a virus or other malware is often very painful and costly.