In my previous post I wrote about how a person I know got scammed on email and had to loose control of his email ID as well as face the embarrassment of people asking him how he was stuck in the UK and lost all his money on gun point. His email was actually the target of a phishing. To understand what is Phishing you need to think about scammers who scam normal people out of their money. Phishing is a way using which scammers trick internet users out of their personal details and also financial details after which they take ownership of email accounts.

So As promised I decided to do a list of things to be weary about when checking emails from unknown people, this is the only possible way that phishing can actually be stopped. Making sure no one can gain access to your account is the key. If you do loose your email address and its a Gmail address then check this detailed post about recovering your Gmail account in case you loose it, you can access it here. For most other Email Id’s I am not really sure of the recovery methods, might need to get researched.  So here is the list :

1. Be careful when you receive an email with a link from an unknown email address
2. The Phishing emails are built usually to collect personal or financial information from you and this would mean that the information would be used elsewhere. So unless you email your Id’s and Passwords the only other way is to get you to click a link and feed in this information.
3. In cases when the email is from a corporate address like a bank, a bigger website etc the scammers would really be veiling the email to make it look as close to the actual email as possible; But senders ID and look and feel cannot be the only judge of the legitimacy of such an email.
4. Scammers would use email Id’s from very close looking email domains, the email Id’s might come from remove@msn.net or info@icicibanksindia.com or director@anycompany.org ( as most companies will have .com and not .org)
5. Most email scams are of fake emails from very big brands like eBay, PayPal, Bank of America and many Indian Banks like HDFC, ICICI. The look of the email might get people to check the links without even looking at the email twice.
6. They can even send you an email from anonymous email sending websites, which you can find in plenty online.
7. So, by checking if the email is really a valid email or not can improve your safety.
8. Once you find a link within your email you need to mouse over on it and based on the browser you will find the linked URL in the status bar of your browser. Check if it actually shows the actual website of the company whose link you are clicking.
9. In case of Internet Explorer or browser where you cannot find the URL on mouse over, you need to right click on it and select the properties option which will show you the URL Address to which its linked to.
10. More often than not, the link to scammer emails will be to some IP based URL which might be a phished link.
11. In case it is still not an IP address based link then you might need to check the spelling of the link, it might be wrong. Taking an example, a website that might be wanted to look like icicibank.com might look like, icicibanksindia.com or icicbank.com.
12. After the email Id, the other thing to look at is the email subject, you will not receive emails from your friends saying things like, MY Predicament, or Verify your account, or limited Period Free Samples offer or Final Warning – Confirm your account within 48 hours, click on the link to confirm your account
13. The title does make a lot of difference and when the sender is trying to send you information about some urgent issue then the read rate increases, so in case of very important issues, its better to call the office and check about things like verify account info, click to activate within 48 hours etc.
14. Most companies will not require you to enter your personal information or financial information though email accounts but personally at the office. So before you enter information like that it is better to check the website is they have announced the same or even call them to check the same.
15. Check for https:// instead of http:// as most organizations that require you to enter information would use such secure channels.
16. Do not use Internet Explorer as your browser, upgrade to Google Chrome, Firefox or another browser.

Always keep these few things in mind to verify the links you receive and in case you feel that the link may be a correct one, use a free proxy website and check the link there first and if you have confirmed it that its the correct one, you can proceed with it.