How to avoid falling for email scams

Early one Sunday morning, my editor, Yahoo Finance’s Erin Fuchs, checked her personal email and was surprised to find a message from PayPal (PYPL). The missive said she had recently changed her password, and asked her to call a phone number if that wasn’t the case.

It wasn’t, so Fuchs called. The email had come from a “service@paypal.com” address and included a link to the PayPaypal website. However, she became suspicious when the person on the other end of the line asked for her credit card information to “verify her account.”

Phishing email.
An example of a phishing email.

It doesn’t matter who you are or what email service you use. If you have an email account, you’ve received some kind of scam, or phishing email, just like my editor.

Most of the time, these emails are relatively easy to spot. Some African prince or other wealthy individual wants to send you money until he can make it to the US. You just need to send your bank account information and Social Security number.

But criminals are quickly changing their tactics, firing off more sophisticated emails in an attempt to trick you into giving away your personal information. According to Gary Davis, chief consumer security evangelist at Intel (INTC) Security, in a recent study, more than 19,000 people were asked to look at 10 emails and identify which ones were scams. Only three percent of them were able to find all of the phony messages.

Worse still, some phishing messages contain ransomware, which locks down your entire computer until you pay the culprits a ransom.

Yes, it’s a scary world out there. But there’s hope. If you follow some of these quick tips, you’ll be able to stay one step ahead of the bad guys.

Read the subject line and sender’s address

Phishing emails are designed to sucker as many victims as possible. They cast a wide net by covering topics like banking and package deliveries—two things most people generally receive emails for.

You should be on high alert if you get a message from an unknown sender with a subject line mentioning changes to your bank account—or that you need to pick up a package that can’t be delivered—and you aren’t expecting either of those things. It’s probably a phishing attempt.

Just delete the message and move on with your life.

Hover over links

Okay, so you can’t remember if you changed your bank account info or aren’t sure if you have a package in the mail, so you open the email. That’s cool. As Intel Security’s Gary Davis explains, it’s rare that just opening a message executes any kind of code on your computer.

Phishing emails.
It doesn’t matter what email service you use, you’ve definitely received a phishing email.

The message, however, tells you to click a link to check out the changes to your account or the status of your package. What do you do? Simple: Hover your mouse over the URL. When you point to a link without clicking, most web browsers and email programs automatically display the web address that link will open. If the email says it’s from your bank or delivery service, but the link points to a different site, don’t click it.