Chase sent me an email message today. Or did it really? The email message below (click to enlarge) has the Chase branding and physical address. Overall, it has a lot of the signs of a valid email including unsubscribe options. And, it’s slightly alarming. My online banking access is suspended? Someone in another country recently logged in? The fear the message stirs up compels me to act. I almost click the link before I start to think about it more.
Always check the address of the link before you click!
As I hovered over the link identified by the red #2 above, I noticed something strange about the address it was going to lead me to shown next to the red #3.
The text for the link in the email shows it going to chase.com but the link is actually leading to another domain, Myvnc.com. This is always a bad sign. When you receive a message asking you to log in to your bank account, make sure that the site you’re going to is actually your bank’s website! In this case, the phisher wants to collect my bank account number. I won’t click that link because who knows where it goes. It’s possible the site has been shut down already because these types of phishing campaigns rarely go to just one person and the scheme may have already been shut down. If I did go to the link and it was still operating, I wouldn’t be surprised to find a replica of Chase.com. The goal would be to collect Chase account numbers and maybe even passwords.
Always check the sender email.
In the email above, you can see the sender of this email is firstname.lastname@example.org. .ru indicates a Russian domain. Nothing against Russians, but we know the country is a little less active in shutting down malicious internet activity, so this is an immediate warning sign alone.
Beyond the .ru domain name, here’s an even better indicator. Above is a picture of a valid email sent from Chase. Notice the from address is actually chase.com. From addresses can be faked, so this alone isn’t enough to prove this is a valid message. However, Gmail provides an extra layer of security. Notice next to #2, that Gmail identifies an email signature has been included that Gmail has verified. This second example message is signed by chase.com, so that’s a pretty good level of assurance it’s not someone trying to steal my personal information by Phishing.
Report phishing activity
When you pick up signs like Hint #1 and Hint #2 that an email you’ve received is attempting to steal your personal information, let your email provider know!
My email provider, Google, has a special “report phishing” link available in every email.
When I click this link from the drop down menu in the upper right hand corner of an email it leads to a screen with a description of what phishing is.
Phishing is a form of fraud…
You can read more about phishing in Gmail Help on Unwanted or suspicious messages in the article Messages asking for personal information.
Reporting phishing helps your email provider identify these kinds of bad emails and help shut them down. It’s good for you and others who might have received this kind of message.
Sometimes an email you receive isn’t trying to steal your personal information but it’s still not something you or anyone else would want in your Inbox.
When you receive an email from an unknown sender, instead of reporting it as phishing, report it as Spam. Gmail makes this option much easier because it’s much more common to receive spam than a phishing message. Reporting Spam separately from Phishing messages helps your email provider take the appropriate action. Spam is bad, but it’s not nearly as dangerous as phishing.