Scammers send fraudulent emails (called phishing emails) to try and steal your personal information, account information, passwords, or to try and get you to take an action that is beneficial to them. In these emails, scammers will frequently tell a story that may seem believable to try and get you to click on a link, open an attachment, or send them something.
Phishing emails may pretend to come from a company you know and trust, like your credit card company, bank, or utility company. Scammers may even pretend to be Silver Star!
When claiming to be a familiar company, scammers often do one or more of the following:
- Claim there is an issue with your account or payment information
- Claim that you need to confirm some sensitive information, either personal or financial
- Include an invoice that you do not recognize or did not expect
- Want you to click on a link to make a payment or update information
- Claim something that is too good to be true
To identify an email masquerading as a familiar company, look for some of the following red flags:
- Email invites you to click on a link to update your information, especially for payment
- Email says your account is locked out or on hold for a billing reason
- You do not have an account at the company
- Email comes from a public domain email like @gmail.com, not the company’s domain
- The company’s domain name is misspelled
How Do I Tell If They Aren’t Pretending To Be A Company?
Not all scammers will pretend to be a company that is familiar to you, some may pretend to be friends or associates. To spot general phishing emails, use the below tips. You can use these as additional ways to spot fake company emails!
- Email has a generic greeting
- Email contains urgent calls to action or threats
- Email is inconsistent with other emails you have received from this person
- The email is poorly written, contains frequent misspellings, missed words, bad grammar, or mistakes that a native speaker would not make
- Email is from someone you do not know or has never emailed you
- Email contains suspicious links
- Check this by hovering over the link and checking the URL and identify if it matches where it says it’s going
- Consider if this is a link you are expecting to receive from this person
- Does the link match the context of the rest of the email?
- Email contains suspicious attachments
- Consider if you expect to receive that attachment from that person
- Does the attachment make sense in the context of the rest of the email?
- Consider if the file type is one you recognize and make sense
- Always be especially wary of .exe file types, as these may contain executable viruses
What If I’m Not Sure?
When in doubt, go to the source!
- If you are doubting an email that seems to come from a company:
- Go to their website directly through your web-browser (not email links) and login to your account there. This lets you check your account without risking the possibility of malicious links
- Call their customer support
- If you are doubting an email from someone you know
- Contact them a different way and see if they sent the message you are questioning
If you still can’t figure out if the email is legitimate, do not interact with it, do not click any of the links or attachments, and discard the email. When it comes to phishing, you are better safe than sorry.
What If I Think I Clicked On Something Malicious?
- If you think the scammer has access to your email, follow the steps in our Help I Think My Email’s Been Hacked! article
- If you think a scammer has your information, like your credit card number, social security, or bank account number, go to IdentityTheft.gov for actions to take based on the specifically compromised information
- If you might have downloaded harmful software, make sure your device’s security software is up to date and run a malware scan to identify and remove the software