How to Recognize a Fake Link in an Email

If you receive suspicious or phony emails, especially ones asking for personal or financial information and include a link to a Web site, be wary of going to that site. It may well be a fake site masquerading as a real one.

If you click on a link in an email and it takes you to a completely different Web site than you anticipated, be suspicious.

Many commercial Web sites use a security certificate as part of a system to make online transactions safer and more secure. You can see the security certificate by typing the Web site address into the address bar by starting the site name with "https://" instead of the usual "http://." This also activates the certificate.

If you are using Internet Explorer, you are able to access and verify the security certificate to ensure that you are viewing a real Web site. To access the security certificate, double-click the icon showing a padlock on the status bar of your browser. The name that the certificate was issued to should match the name of the site you are viewing.

Some clues can help you spot emails that may have fake links. Phishing emails will often contain poor grammar and misspelled or missing words. Supposedly, the mistakes actually help the sender of the fake email avoid being caught by email “spam” filters.

Some emails that include a fake link can be extremely realistic. Some phishing emails can even contain the real name of somebody, for example the president of your bank or company. (It’s relatively easy to find this information for phishing purposes.) Some phishing emails may appear to be from a particular person, as well.

If you are dubious about a Web site–say you have just followed a link to your bank’s Web site and checked your balance or performed a transaction–check your account in a few days to make sure everything is present and correct. If anything is not as it should be, report the discrepancy to your bank or credit card company immediately.