They look legitimate. They sound urgent and on the level. Don’t be fooled!

The main goal of a “phishing” e-mail is to lure you to a false web-site—usually masquerading as that of a financial institution or credit card company—in order to capture your personal or financial information. The information is then used to steal your identity, make fraudulent purchases using your credit card information, or to drain your bank accounts of funds.
Bank of America offers several basic criteria for e-mail users to recognize these cyber “phishing” expeditions, and avoid becoming a victim of Internet fraud.

1.) Does the e-mail ask you to click on a link within the e-mail in order to verify personal information? With almost no exception, no legitimate request for sensitive information is made via e-mail by any reputable financial institution or credit card company.

2.) Most “phish” e-mails will create a sense of urgency by implying that services will be discontinued or information will be lost if you do not respond immediately. Some will even tell you that your accounts have been frozen because their system indicates your records have been “compromised.” In order to regain access to the accounts, the e-mail will insist you need to immediate re-verify your account information by clicking on the link within the e-mail. Don’t.
If you have reason to think thatMove your mouse over the link in the e-mail. If it changes—when highlighted—to an Internet address that is not associated with the organization purporting to contact you, you can assume, with a high degree of certainty, that the e-mail is fraudulent.
5. Personalization is often sketchy in “phishing” e-mails. The salutation may be a generic “Dear Customer,” or “Dear Account Holder.” It will most likely not include such verifying information as providing the last for digits of your account number, your address, or other specific personal information that will help you determine it is a legitimate e-mail.

6.) Look at the sender’s e-mail address. If the e-mail is not from the company represented in the, it could be fraudulent

If you have any reason to believe an unsolicited e-mail is fraudulent, do not respond or click on any links within the message. Instead, contact the company directly and ask whether they have contacted you. If not, most financial institutions and credit card companies have security or fraud departments to which you can forward the suspect communication for examination.
your information has been breached, contact the company of financial institution by phone or by logging onto their website directly.

3.) Many of these types of e-mails originate overseas, where English is not the native language used by the creator. Look for misspelled words, bad grammar, poor punctuation, or odd, sometimes ornate phrasing.

One of the most recognizable “phishing” e-mails is known as the “Nigerian Letter,” in which the sender claims to have access to large amounts of money, usually acquired as the result of some political upheaval in a small foreign nation, or through the untimely death of a high-ranking government official. The sender wants to safeguard the money by moving it out of the country, and offers to give the recipient of the e-mail a percentage of the funds in return for allowing them to deposit the money into the e-mail recipient’s bank account for “safekeeping.” Instead of depositing any money, once the sender has the recipient’s banking information, they drain all money from the account and disappear.

4.) Deceptive links in “phishing e-mails look like they are to a valid site, but in reality deliver you to a fraudulent Internet address. Many of these sites are elaborately constructed to be almost a virtual duplicate of the legitimate web address, even down to the copyright and privacy policy information located at the bottom of the home page.