Though this scam has made the rounds in the past, it’s rearing its ugly head again and is wreaking havoc on unsuspecting USPS customers.
The scam works like this: you receive an email letting you know that a package could not be delivered to your address. In order to claim the package, you simply have to download the attached shipping label and bring it in to your local USPS. Unfortunately, the Word® document that is attached to the email isn’t a shipping label; it’s a virus. These viruses typically phish for personal and banking information on your computer and can create a real headache for you. So how are you supposed to know the difference between a legitimate notification and a phishing one? Use the tips below to be more aware of some common email scams.
- Check the “sent from” address – in this case, the email was sent from firstname.lastname@example.org which looks like a very legitimate email address. However, the postal service’s website is www.usps.com, not .org. By checking the sender’s domain before opening the attachment, you’re going to see a red flag about this email.
- Hover over links – many phishing emails will encourage you to visit their website and may even show a legitimate URL in the body of the email. However, when you hover over the link or address in the email (don’t click on it, just hover your mouse over it), you’ll often see that the URL is actually directing you to a completely different site. This can be a sign that the email is, in fact, a phishing attempt. As a side note, plenty of legitimate companies will have links in their emails that do not look legitimate either. If they are using an email marketing program to send their emails or to track clicks on any given message, the URL could look strange to the end user. So this isn’t a surefire way to tell that an email is a phishing message.
- Seek out a trustworthy source – if the email is coming from someone like your bank or credit card company, the notification should appear in your email as well as in the secure section of their website. Instead of clicking on a link in an email, go directly to the company’s website using your browser. Then log in and look for the notification in the messages from the company.
- Look in the “to” address – in the example below, you’ll see the words “undisclosed recipients” in the “to” field. This typically means it was sent to multiple people and the addresses have been placed in the BCC field. Typically, a legitimate notification will show your name or email address in the “to” field.
- Use common sense – if you aren’t expecting a package, or have not done business with the company that is sending you the notification email, then there is a good chance that the email could be a phishing attempt. It is unlikely that you have a 5th cousin in a far-off country who needs you to send your banking account information in order for them to wire you millions of dollars (but hey, it could happen!). Before you click on a link or respond to an email, stop and think about the email itself.
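The sender-domain, hover and “to” field checks from the list above can also be run automatically over a raw message. The following is an added example, not part of the original article; the sample message, the `red_flags` helper and every address and host in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every address and host below is made up.
SAMPLE = """\
From: USPS Delivery <notice@usps.example>
To: undisclosed-recipients:;
Content-Type: text/html

<a href="http://tracking.example.net/label">https://www.usps.com/track</a>
"""

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlparse(url).hostname or "").lower()

def red_flags(raw, expected_domain):
    """Return which of the article's warning signs apply to one raw message."""
    msg, flags = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        flags.append("sender-domain")
    if "undisclosed" in msg.get("To", "").lower():
        flags.append("undisclosed-recipients")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            # The "hover" check: compare only when the visible text is itself a URL.
            if any("://" in t and host(t) != host(h) for h, t in parser.found):
                flags.append("link-mismatch")
    return flags
```

A flag is an indicator rather than a verdict: a legitimate sender that routes its links through a click-tracking service will also trip `link-mismatch`, which is the caveat given in the hover tip.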
It is estimated that over 156 million phishing emails are sent every day and, of those, 16 million make it through the spam filters. If you haven’t yet encountered a phishing email, you likely will. Being prepared and knowing what to look for will help you keep your personal information private and secure.