Email Safety
Learn to identify phishing emails, handle suspicious attachments and links, and protect yourself from email-based scams.
How Email Scams Work
Email is one of the most useful tools of modern life โ staying in touch with family, managing accounts, receiving important information. But it's also one of the most common ways scammers try to reach you.
The term for email-based scams is phishing (pronounced like "fishing"). Just like a fisherman casts bait hoping a fish will bite, scammers send emails hoping someone will click a link, open an attachment, or reply with personal information.
Why Email Scams Are So Effective
Phishing emails work because they imitate organizations and people you trust. A well-crafted phishing email can look identical to a real message from your bank, Amazon, Medicare, or even a friend or family member. The logos, formatting, and language all appear legitimate.
The numbers are staggering: Billions of phishing emails are sent every day. The vast majority get caught by spam filters, but some inevitably make it through. And it only takes one successful attempt for a scammer to gain access to your accounts or personal information.
What Scammers Want From Phishing
Different phishing emails have different goals:
Login credentials: They want you to click a link and enter your username and password on a fake website. With your login, they can access your accounts.
Financial information: They want your credit card number, bank account details, or Social Security number.
Computer access: They want you to open an attachment that installs harmful software (called "malware") on your computer.
Money: They want you to send money directly โ through wire transfer, gift cards, or other means.
Information for future scams: Sometimes they just want to confirm that your email address is active and that you respond to messages, so they can target you with more sophisticated scams later.
The Anatomy of a Phishing Email
Most phishing emails follow a pattern:
- A trusted sender name: The "From" field shows a name you recognize โ your bank, a company, a government agency, or even a friend.
- An urgent message: Something requires your immediate attention โ a problem with your account, a suspicious transaction, a package delivery issue.
- A call to action: Click this link, open this attachment, reply with information, or call this number.
- A consequence for inaction: If you don't act, your account will be closed, your payment will fail, your information will be compromised.
The "From" Field Can Be Faked
This is crucial to understand: the name and email address in the "From" field can be faked. Just like caller ID can be spoofed on phone calls, the sender information in an email can be anything the scammer wants it to be.
An email that says it's from "Bank of America" or "service@bankofamerica.com" might actually be coming from a scammer on the other side of the world. The technology to fake this is simple and widely available.
Your Email Is Your Digital Front Door
Think of your email inbox like your physical mailbox. Most of what arrives is legitimate โ letters from people you know, bills from companies you do business with. But occasionally, something suspicious shows up โ a letter from a "contest" you never entered or a fake invoice. You wouldn't hand over your bank details because of a suspicious piece of mail, and the same caution applies to email.
The rest of this module will teach you exactly how to tell the difference between legitimate emails and scams.