In my previous corporate job as a Product Marketing Manager I used to fly around the world for business and so I signed up for the United Airlines mileage program in order to earn free tickets and other perks. This morning I received an email from the MileagePlus United program, or so I thought. Just to be safe I did some quick checking on this email to determine if it was legitimate or just another phishing scheme to steal my identity and mileage points.
First up on the scrutiny list is just the heading of the email message itself:
This header showed the correct last four digits of my account number, and they also personalized the email by using my first name in the message. These are both excellent signs that the email is legitimate, because the bad guys typically don’t have this level of information about you, maybe they would know my first name but certainly not my account numbers unless United had been hacked.
Next up is the actual link that they want me to click on:
That link address appears when I hover my mouse over the sign in, and it clearly shows a trusted address of: news.united.com
Near the bottom of the email is a button, so I check out the link address for Learn more.
Once again, this link is OK because it contains: news.united.com. This is a trusted address that United Airlines does own.
United is a big company, so they always have a lot of legal text in the footer:
The final check is looking at the From address in this email:
That address of news.united.com is also OK, because it contains united.com, a trusted web address.
I also noted that the message itself was written in American English, and that the spelling was proper, the grammar was correct, and that the message made sense instead of being computer generated gibberish.
Well, there you have it, doing a little extra checking on official-looking email messages is worth the effort to validate that this was a legitimate email from United Airlines.