An email came into my inbox the other day from Bank of America requesting me to log into my online account and update my account information. The thing is – I don’t bank with BofA! In the email, it also has a link directly to the login page. Woohoo. Another phishing scam.
The event prompted me to write this post, because there is an easy way to figure out whether an email comes from a legitimate source. Every email is sent with what’s known as an email header (or message header). This section of the email records where the message came from (i.e. which server handed it over), the date and time, and other information that can help us judge the authenticity of incoming mail.
One of the tricks scammers like to use is to fake the “From” address. For example, the Bank of America email carried the address onlinebanking@alert.bankofamerica.com to make you think it actually came from the bank. However, if you look closely at the header information, you will spot inconsistencies.
In order to look at it, right-click on the email in question and click on Options (the example is given in Outlook 2007 but other email programs will have a similar feature too).

Doing so brings up the following dialog box:

As you can see in the above picture, the Internet headers section contains information that you usually never look at. On the very first line there is a field called “Return-Path”. Usually, an email from a company will have a Return-Path on the same domain as the From address. I would be suspicious if it is different, because it means the email was not sent from the same server as the company’s standard email system. In my example, the Bank of America email showed Return-Path:
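As an added example (not from the original post), here is a small Python check that pulls the From and Return-Path domains out of a raw message and flags the kind of mismatch described above, along with the host named in the earliest Received line. The headers are a constructed sample; the Return-Path and Received values are placeholders, since the post does not reproduce the real ones.

```python
import email
from email.utils import parseaddr

# Constructed sample, modelled on the phishing message described in the post.
# The From address is the one quoted above; the Return-Path and Received
# values are made-up placeholders (the post does not show the real ones).
SAMPLE_HEADERS = """\
Return-Path: <bounce-1234@mail.example-sender.invalid>
Received: from mail.example-sender.invalid (mail.example-sender.invalid [192.0.2.10])
\tby mx.example.net with ESMTP id abc123; Mon, 1 Jun 2009 10:00:00 -0700
From: Bank of America <onlinebanking@alert.bankofamerica.com>
To: victim@example.net
Subject: Please update your account information
Date: Mon, 1 Jun 2009 09:59:00 -0700

Click here to log in.
"""


def registrable_domain(header_value: str) -> str:
    """Return the last two labels of the address's domain, e.g. 'bankofamerica.com'.

    Simplification: multi-label public suffixes such as co.uk are not handled."""
    _, address = parseaddr(header_value or "")
    if "@" not in address:
        return ""
    domain = address.rsplit("@", 1)[1].lower()
    return ".".join(domain.split(".")[-2:])


def check_return_path(raw_message: str) -> dict:
    """Compare the From and Return-Path domains and report the first mail hop."""
    msg = email.message_from_string(raw_message)
    from_domain = registrable_domain(msg.get("From"))
    return_path_domain = registrable_domain(msg.get("Return-Path"))
    # Received headers are prepended by each relay, so the last one is the first hop.
    received = msg.get_all("Received") or []
    first_hop = ""
    if received and received[-1].startswith("from "):
        first_hop = received[-1].split()[1]
    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "first_hop": first_hop,
        # Only flag when both fields are present and disagree.
        "mismatch": bool(from_domain and return_path_domain)
        and from_domain != return_path_domain,
    }
```

Some legitimate bulk mailers also bounce to a separate domain, so treat a mismatch as a reason to look further, not as proof on its own.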
Of course, checking the header information is a bit of a hassle. So perhaps the best thing to do is to never click on any link from any email you receive. For instance, even if you believe the Bank of America email to be genuine, launch your browser and log onto the website manually.
It may be a hassle, but it’s worth the peace of mind.
7 comments
For something like banking, it’s best to never reply to an email, no matter how legit it looks. Almost anything can be spoofed it seems these days. Just create a shortcut to your bank, or horror of horrors, just type in the URL.
Great method for combating phishing. Thanks
Great to see somebody addressing this issue with all the SPAM we are bombarded with on a daily basis. I get updates from my bank everyday in my inbox but never provided any links. If there is a link in the email it isn’t legit. At least for me.
Lauren: That’s also a good indicator. There are many little things that tell you whether an email is from a bad source or not, but the bottom line is that we need to be careful with these things.
This was very interesting info – thanks!
Chief Family Officer: You are welcome!
Debt Free: Yup I always type in the URL for everything
Whenever I visit my dad and do this, he always makes a comment that it’s slower but it is actually faster for me to type out the URL than to find the shortcut or bookmark with a mouse.