One of the most important digital skills you can build to protect yourself from phishing and online scams is to verify that the person contacting you is actually who they say they are. This blog post will focus specifically on verifying email senders, but knowing how to verify someone's identity can protect you from predatory phone calls and social media scams, as well.

Identify Suspicious Emails

1. Does the email address match the name?

   
   

Our clients frequently get emails claiming to be from Tao Websites, Wix, Squarespace, or other service providers. While email addresses can be hacked, that is not usually the case. Rather, spammers can use any name they want. What they can't change is their actual email. So, pay attention to the information that follows the @ sign in an email. Does it match the sender's website?

For example, in an email from Wix, the info after the @ should end in wix.com, as in the following email. Zoho Mail, which I use for work, also shows a blue checkmark symbol when an email is from a verified sender.

Below is a screenshot from Gmail showing an email from a nearby university. The info following the @ matches the website of the organization.

Also, beware of unknown senders with generic email endings like gmail.com, hotmail.com, aol.com, etc. These may be innocent personal email addresses, but anyone can set them up for free.

If you get an email from hello.taowebsites@gmail.com, for example, it is not from us here at TAO Websites. Someone set up a fake personal Gmail account impersonating us. Unfortunately, these types of scams have cost our clients privacy, hassle, and money.

In summary, if the URL following the @ in a sender's email is not the URL of the organization's website, the email may be a fraud.

2. Are you expecting an email from this sender?

In the example from Gmail, above, I am not surprised to get an email about permaculture from OSU. I've signed up for emails from this organization on this topic, so it makes sense that I'm receiving it.

Another example: Let's say you meet a new connection at a potluck. A few days later you get an email from a gmail.com address with the subject line Hi from the Potluck! In this case, it's probably your new acquaintance. Didn't go to a potluck recently? Then don't engage with that email!

One of the most common scams currently making it through my spam filters is receipts and invoices for transactions I have never made with organizations I've never heard of. The scammer hopes that in my confusion I will open their attachment or respond, which could lead to more spam in the future, or even worse, could compromise my digital security or infect my computer with a virus.

Rather than clicking on these suspicious emails, I review my financial accounts to identify unapproved charges. Many banks and credit unions offer fraud protection as long as you report unauthorized charges in a timely fashion.

3. What is the email asking you to do?

Be especially wary of emails that want you to download an attachment, share personal information, or make a payment. These are common scammer tactics. Criminals often try to make their targets feel confused and rushed, so they act without double-checking.

4. Does the language in the email seem inappropriate?

A recent spam email I received said "Greetings! Confirmation for Order payment received." Another began with "Howdy!" These salutations don't sound professional in routine transactional emails, and the uneven capitalization also makes me suspicious.

Responding to Suspicious Emails

1. Do not open attachments, click on links, or respond

If you have thought through the questions above and decide an email may be suspicious, it's best not to even open it. It is unlikely you would catch a virus this way, but it may let spammers know your account is active. Opening attachments, enabling HTML, or clicking on links in suspicious emails can expose you to malware. Do not follow instructions, share personal information, or respond in any way.

2. Verify through a trusted communication channel

We frequently have clients forward spam emails from people impersonating us. You now know how to identify spam accounts yourself, but if you're still not sure, this is the right thing to do. Contact the organization through an email or phone number that you are absolutely sure belongs to them.

This tip works just as well for those phone calls pretending to be from Social Security or your cable provider. Hang up and call the customer service number listed on the organization's website. Ask if they have tried to contact you recently.

3. Report or mark as spam

When you do receive spam, most email providers make it easy to report it, mark it, and/or block the sender. Don't even click unsubscribe links unless you trust the sender.

As a former librarian and current web designer I've seen the people I work with hurt by these scams too many times. Don't feel bad if you fall prey. Digital security is, unfortunately, not easy or foolproof. I've been targeted too. When and if you are a victim of an online scam, take action right away:

• Report the fraud to relevant organizations.

• Reset your passwords.

• Run a highly rated-virus scan program like Malwarebytes (which is free and downloadable at www.malwarebytes.com) to get rid of any viruses or trojans you may have on your computer.

• Turn on multi-factor authentication for your important accounts.

Above all, stay informed. The Federal Trade Commission has even more detailed information about phishing scams and online security.