Recently I received an email purporting to be from my credit card company in my e-mail inbox; saying that since my account details had changed, they needed to verify some details.
It was very well written, and even included a note about “if you are concerned about clicking links in this e-mail, the services mentioned above, can be accessed by typing [link] directly into your browser.” along with the name and business address for an officer at the credit card company.
What I do when I receive such e-mails is that instead of clicking any links, or typing in any links that they give me, I go into GOOGLE and type in the name of the credit card company or bank in question.
This brings up the official site for that company rather quickly and I can check there whether the alert is a real one or a phishing scam intended to steal my money.
Once I had confirmed through the official site that there was no such alert placed on my account; I investigated the e-mail more closely; and found the following errors:
The e-mail address in the “FROM” header was misspelled – onlinse-[name]@service.com instead of online-[name]@service.com
Hovering my cursor over the link revealed a nasty trick. The text said www.[bankname].com; but the actual link was to a totally different website that had nothing to do with the bank.
It was really pretty devious, and would have fooled someone a little less observant.