Hackers often send me phishing email messages in order to trick me into clicking a link, then trying to login to their fake web page, stealing my login credentials in the process. So how do I keep safe from such attempts?
Just this morning I received an official-looking email, claiming to be from Navy Federal Credit Union.
This email has a beautiful layout, official logo, pleasant stock photo, even nice fonts, so at first glance it looks legitimate, but being suspicious I begin to notice the telltale signs of a phishing scam:
- Dear Member - a real company knows my first and last name, along with an account number. Both of those are missing.
- Grammar - try reading the first sentence, it's totally disjointed, so English was not the first language of the hacker.
Clicking on the sender's email address is always the defining identity test.
OK, so even the sender's email address is bogus, because shuttleplanet.com is not navyfederal.org. The final determination that this is a phishing scam is that pretty, Orange button that they really want me to click, so just hovering my cursor over it reveals that the link has nothing to do with navyfederal.org:
There you have it, I know with 100% certainty that this is a phishing email, not a legitimate one, however the sender was clever in making this email appear to be real with use of a beautiful layout, nice fonts and official logo. So be wary of email messages that invite you to click a button or click a link, because it just may send you to a hacker site that steals your login credentials instead.