How to Protect your Privacy -- Personal, Financial, Digital

You should never reply to any financial emails by email, click on any links, or dial any phone numbers mentioned in there. PERIOD. Scammers could easily have both your full name and your email address.

Web addresses should be typed in by hand or remembered in browser bookmarks. Phone numbers must be looked up independently.

5 Likes

How do you respond?

Web addresses should be typed in by hand or remembered in browser bookmarks. Phone numbers must be looked up independently.

I have never had to respond to any financial institution by email – most of them cannot receive email. So if someone asks you to reply, it’s most likely a scam.

There are VERY FEW legitimate instances when you are required to click on a link in an email. The big one I can think of is to confirm your email address, which happens immediately after you sign up for a new account or after you change your email address for an existing account.

I have also recently seen emails that are sent immediately after a big transaction to confirm whether it is your transaction or not (it had a big YES or NO link). I don’t think there’s any easy way to be sure that this email came from your credit card. I use unique email addresses for every bank, and nobody else knows those addresses. So when I receive an email from my bank at that specific email address, I can be certain that it is legitimate. If you use one email address for everything, there’s no way to know.

4 Likes

Thanks scripta. Good info.

It’s really a terrible instance to be caught in a scam. Only happened the one time. But, so true, when hit, you wonder how you let it happen. The scammers are so good. Almost impossible to figure it could happen until you look back & follow the trail.

I think that you can be somewhat comfortable with that tactic, but absolutely not certain of the legitimacy of email arriving on the correct alias.

I do the same thing with alias email addresses that you described, and I’ve gotten email on some of these aliases from scammers. It’s not just retail websites, either. I got a scam email on my Chase alias in 2012 or 2013.

Additionally, I suspect a couple of my CUs share my address with their marketing “partners”. I’ve gotten insurance pitches and other junk on those addresses, and they are not from the CU.

1 Like

What? No mention of the dark web? That’s where that $6 number will get you correct info. OTOH, if you’re looking for non-public info on a specific person, then you will have to open your wallet a fair bit wider.

ETA: The sites that you mentioned will help in being able to social engineer further information and possibly guess passwords / security question answers. Regardless, unless you’re doing this for legitimate reasons (looking up tax records for purchase negotiations, etc.), most of this stuff is nosey at best and illegal at worst.

In addition to @scripta’s excellent suggestions, I would copy the link in the email and then paste it into my browser. Before hitting [enter], look at the link to see if it was actually going to the bank’s domain.

Also look closely to confirm the domain is spelled correctly. Lots of scammers buy domains that are one letter off from the legitimate domain.

Most scammers figure that people value their time more than their money and will just click a link instead of doing any sort of due diligence to ascertain the veracity of the email/link.

Either that, or people don’t know any better. Despite your example, I can’t believe that you’ve never been told to NOT click on links in email. I’ve heard it and preached it to clients since the late nineties, or early noughties.

Not that it will help, but you’re not alone. State employees of CA will probably find out soon.

1 Like

I don’t recommend this approach to people because the type of person who needs this advice isn’t the type of person who is going to look closely enough to notice the slight misspellings (rn instead of m, for example) that you mentioned.

Personally, I type the domain name and then paste the rest of the URL just to be safe. That way I get directly to the intended page but with no chance of overlooking a scammy domain.

2 Likes

Thanks Honkinggoose. I have a grandson that just started work for the State of CA.

You’re right I never should have clicked it. But it looked absolutely perfect, just wanting to upgrade my PayPal information. What a dumb, dumb I was. :woozy_face:

1 Like

I was not being sarcastic, sorry it came off that way. The things you mention are just public record (that’s what spokeo and all others gather), though I have not tried to use them on myself (for fear of creating a data point or giving them / confirming my personal information as part of the order). You mentioned credit card transactions in your earlier post, but not in the latter one, and that’s what I’m really interested in. I know that services like idine (rewards network) and other card-tied reward systems get access to all card transactions, but if I don’t sign up for it, nobody should be collecting my CC transactions and making them available for sale. I actually sign up for them strategically, i.e. I have just one card that I use for restaurants and that’s the card that’s in one of those airline mileage dining programs. I figure that’s pretty limiting and I’m aware of the risk.

1 Like

You’re right. I actually keep track of the spammed aliases, and almost all of them are non-financial accounts (like web forums and small retail). Though I do have a couple big ones – Equifax in '11 and Citibank in '14. I’ve had the same Chase alias since 2010 without issues.

Misspelling is the old trick. Copy-paste doesn’t work anymore because domain names support other languages now. Try copy-pasting https://www.еbау.com. The behavior might depend on the browser. Firefox is probably the best in that it’ll tell you something is wrong when you hover over the link or after you paste and hit enter in the address bar, but not before you hit enter.

3 Likes

Wow, that was interesting. Thanks for posting.

1 Like

Whoa! That’s an eye-opener for me. Fortunately, Firefox showed the true URL just below the address line.

Confident that you wouldn’t purposely send anyone to a scam site, I hit enter. Sadly, I didn’t get to see the joke, as Pi-hole blocked me from reaching it.

ETA: Firefox also shows the true URL when you hover over it in your post.

Until the bank’s customer email database has been breached at least … If it were before the breach had been announced, scammers could still email you at these addresses. Much smaller chance but still.

You can always look at the source and the headers for emails. Links should be a bit clearer in the source. If they’re a tiny URL, you know you don’t want to click it for sure. Also if the domain on these links is not what it should be, that’s a red flag.

I’d prefer if they just included my balances in that email. There’s a lot less actionable information to steal if the email gets intercepted and it tells me what I need to know while also providing decent first indicator that the email is actually coming from my bank (assuming balance matches my records). I’d definitely not want a list of my transactions, account numbers, etc. in an email that may or may not have been encrypted the whole way to me.

Use Brave browser instead of Chrome (uses Chromium engine, has built-in ad block and tracking disabler). Use DuckDuckGo instead of Google for search.

It’s not a scam site – it is not a registered domain. Not sure why Pi-hole bothered to block it, but maybe someone already thought about it and added all the look-alikes to some pi-hole filter.

Yes, I mentioned that :slight_smile:

Good luck teaching Patricia how to read email headers and HTML source :joy:

1 Like

HTML source is pretty easy to parse… even without learning much of it, you can just search href or even http strings to quickly locate all the links.

Headers are easy to search through. Just focus on DKIM and SPF parts to see if it was really from who it claims to be. Any reputable business will have set those properly.

Besides, what better things does Patricia have to do than run SPF and DKIM validators on all her emails? :slight_smile:

2 Likes
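The two checks discussed in this thread (the look-alike domain with a Cyrillic letter in the eBay link above, and searching the HTML source for href plus reading the SPF/DKIM verdicts in the headers) can be automated. This is an added example, not code from anyone in the thread; it assumes a hypothetical bank domain example-bank.com and a constructed sample message, and it relies on the Authentication-Results header that the receiving mail server adds.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_DOMAIN = "example-bank.com"  # assumption: the bank's real domain

class LinkCollector(HTMLParser):
    """Gather every href, the same as searching the HTML source for 'href'."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.links.append(value)

def check_host(url):
    """Classify a link's host: IDN look-alike, wrong domain, or the expected one."""
    host = (urlparse(url).hostname or "").lower()
    # Non-ASCII labels (e.g. Cyrillic look-alikes) turn into xn-- punycode here,
    # which is also what the browser shows once it decides the name is suspicious
    puny = host.encode("idna").decode("ascii")
    if puny != host:
        return "homograph", puny
    if host == EXPECTED_DOMAIN or host.endswith("." + EXPECTED_DOMAIN):
        return "ok", host
    return "wrong-domain", host

def auth_results(msg):
    """Pull the spf/dkim/dmarc verdicts recorded by the receiving mail server."""
    hdr = msg.get("Authentication-Results", "")
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr))

def audit(raw):
    msg = email.message_from_bytes(raw.encode("utf-8"), policy=policy.default)
    collector = LinkCollector()
    collector.feed(msg.get_content())
    return auth_results(msg), [(u, *check_host(u)) for u in collector.links]

# Constructed sample (not a real message): the first link contains a Cyrillic letter
SAMPLE = """From: alerts@example-bank.com
Authentication-Results: mx.example.net; spf=fail dkim=none
Content-Type: text/html; charset=utf-8

<html><body><a href="https://www.exa\u043cple-bank.com/login">Confirm</a>
<a href="https://example-bank.com/help">Help</a></body></html>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A failing SPF verdict or any link flagged as homograph or wrong-domain is reason enough to ignore the email and go to the bank through a bookmark instead.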

Yes, I’d say forget everything I mentioned here.
Life’s too short!

Really? If you’ve got 225k sitting in a CD at GTE, you want them to send that through email?

I’ve just changed the settings on one of my accounts so that they no longer notify me of transfers. This is solely because they include the amount of the transfer, the nickname I’ve given the account, and the last four digits of the account number for both the losing and gaining institutions.

In that case, Pi-hole didn’t block it. I got the same “friendly” FF error that I get when a site is blocked by Pi-hole, and presumed that was the problem.