Email is common vehicle for cybercriminals to use to spread malware, infect computers with viruses, and trick people into divulging private information so they can access financial accounts, corporate records, and other data. Use caution when using email and follow these guidelines.
Beware attachments. Only open email attachments from a trusted source. Remember, most businesses, banks, retailers, government agencies, etc. won’t send you information (such as an order confirmation or account update) as an attachment but will send information in the body of an email.
Don’t click links in email messages. Avoid clicking live links that are included in the body of an email. This is how most viruses and malware infect a computer. Hover over the link with your mouse to see the full URL of the site and check whether it is legitimate. Then, type the URL into your browser by hand.
Don’t share personal information over email. Financial services such as PayPal, banks, retailers, government agencies such as the IRS, and other reputable companies won’t ask you for information via email. Never provide information such as your Social Security number, a corporate tax ID, bank or credit card account numbers, social security numbers, or passwords over email.
Know the warning signs. Malicious emails often contain spelling errors, grammatical errors, or information that is slightly “off.” For example, you might receive an email that uses your bank’s colors and logo, but that contains strange capitalization errors and spells the company name wrong. It may also use urgent language compelling you to comply with a request to update your information or click a link to log in to your account. Reputable companies won’t ask you to take these kinds of actions via email.
Beware email trails. Emails can get forwarded many times so it’s difficult to tell who the original sender was. For example, the email may look like it came from your boss or a trusted friend, but the original email may have come from a fraudulent source. It is worth a few extra minutes to backtrack and figure out the original source.
Use a spam filter. Most email clients are equipped with a filter that will keep suspicious emails from reaching your inbox. You can also configure your email to filter out any suspicious or untrustworthy addresses or content. However, you still need to question every email that arrives in your inbox.