Being one of the more technologically capable members of my social circle, I am often asked if a specific email is a scam.
Usually it is.
But what if it seems real? What do you do if that email honestly feels legitimate? Well, I’ve been thinking about how to simplify my own rules and actions into general “rules of thumb” for others to easily understand and follow.
Here’s what I’ve got:
- Is the email unexpected?
- Get the URL / contact info with Google
- Google the email itself
Let’s break these down.
Is the email unexpected?
Let me explain this with a couple of examples. If you go to a web page and click “I forgot my password,” I imagine the subsequent “password reset” email is fairly unsurprising. It’s safe to say that this is not a scam.
Alternatively, let’s say you’ve simply been enjoying your day, doing cartwheels and whatnot, and then you get a “password reset” email. Here, most likely, someone else is trying to reset your password, or it’s a scam. The link may take you to a fake (but identical-looking) website, asking you to enter your old and new passwords. You’ll then be handing your password over to whoever runs that site.
If an email is spontaneous, if you weren’t expecting it, there’s a very strong chance that it’s a bad email that means you harm.
But is it possible for an unexpected email to be legitimate?
That is the point of email after all, to notify you of things. Sometimes those things require actions on your part. Perhaps the site has suffered data loss due to a hack, and wants everyone to change their password. Well, when something like this happens, consider my next rule of thumb.
Get the URL / contact info with Google
It doesn’t have to be Google, of course. Feel free to use Ask Jeeves or… Bing. But the spirit of this rule is to only allow the email to serve as a notification; don’t let it help you accomplish the task. If it supplies a handy link to take you somewhere, don’t use it. Pretend you deleted the email accidentally, but still want to do what it said.
Maybe that means going to the website manually and finding the option to reset your password. Or, maybe that means googling for the contact info, calling, and asking about it – do NOT use a phone number supplied in the email.
The point is that by doing this you’re now doing something outside the control of the scammer. The whole mission of the scam is to scare you into clicking their link or calling their number.
Google the email itself
Another tip is to Google parts of the email. Often this will take you to discussions about the very same email. Reading through what others have to say can help you to determine if it’s a harmful email and even help you gain some insight as to how others know.
Hopefully this post can help even just one person avoid even just one scam.