Tips for catching "phishy" messages

Scams that pretend to be people or organizations you know are called "phishing" scams because they put out a hundreds or thousands of "lines" - messages - in the hope of catching a few people off guard. It's a highly effective tactic and it's only gotten more successful over the years.

Nobody - even internet security professionals - is completely immune to these scams. But there are ways to spot them that will help protect you. Here are a few guidelines to follow:

Is this email or text real?

When it comes to emails and texts, here are a few things to check that will help you catch scammers:

• Are you expecting to hear from this person? If the message is vague or is about something you have not previously discussed, it's suspicious!
• Are they asking for money or personal information? Most scammers want your money, your personal information, or both. If an unverified person wants money in any form, or asks for your birthday, address, credit card number, or social security number, don't give it to them.
• If you get a text message claiming to be from someone you know, check to see if their name shows up as the sender. People and companies you have saved in your phone contacts will have their names listed. If there should be a name but you only see a number - that's a scam.
• Check the email address. If you get a message you aren't sure about, or any message asking for money, see who is really sending it by checking the sender's address. Detailed instructions for doing this on desktop and smartphone are below.
• Check the wording, grammar and punctuation. This tactic is subtle, but can often be your first clue that a mesage is fake. For example, I got two emails claiming to be from priests in the Diocese of Alaska and asking me to reply. Here is how I knew they were fake:
  • The message asked for a favor but gave no details (the initial red flag)
  • The message was poorly punctuated
  • The message had grammatical errors
  • The message used words or phrasing that at least one of the supposed senders does not habitually use (in this case, saying "Blessings" as a closing)
• And the confirmation:
  • Both messages were identical except for the sender's name
  • I have one of the supposed senders in my address book, but the name in my address book didn't match the name in the email - it was punctuated differently
  • The sender's address was a random gmail address
  • Both messages were sent from the same (fake!) address

Are you expecting a message or call?

If you get an unexpected phone call, email, or text message that claims to be from your bank, credit card company, or another financial institution, be suspicious! Most companies will not contact you unexpectedly. And these days, even phone calls can be faked. If you get a phone call you think might be real, for example from a credit card company telling you about fraudulent activity, thank them, tell them you can't talk right now, then hang up, look up the number, and call the company back yourself to check whether the problem is real.

Does the message say there is an emergency?

Scammers, whether they are pretending to be a friend or colleague or impersonating a business, often try to create a sense of urgency so that we will be less likely to take the time to check out whether the situation is real before acting. Did your nephew-in-law call you from Paris needing money after being mugged? Is the IRS threatening legal action because you made a mistake on your taxes? Does your priest need gift cards to help a homeless family but is too busy in meetings to buy the cards themselves? Those are probably scams! So take a deep breath, then contact the person or company yourself to confirm whether there really is a problem or not.

How to check an email sender's address

When you get a suspicious message over email, you can check the address on a desktop computer by clicking the arrow or carat under the sender's name to show the sender's address. You can also hover your mouse over the sender's name; the address will usually pop up in a box, or it may show up at the bottom left of your screen. On a smartphone, there should be a little arrow or carat under the sender's name that you can tap to show their address and other information about the message.

Official church emails from St. Mary's will always come from a godsview.org email address. So if an email claims to be from Rev. Michael but the address is "[email protected]" or something random like "[email protected]" - it's not real! When people create email accounts, they can give them whatever sender name they want. So check the address.

I got a scam message! What do I do?

If it's an email or text message, delete it right away. Don't reply. If you get a scam phone call, hang up. Then, contact the person or organization the scammer was pretending to be so that they can warn others about the problem.