Thanks to the internet, you have the ability to more easily store data and perform activities, such as shopping and banking, online. However, it also makes you more susceptible to cybercriminals who seek to exploit you. Through the act of phishing, it's possible for your personal data to become compromised. Organizations in particular are at great risk because a single employee who is phished could potentially compromise the entire company's data. By knowing how to identify phishing and what to do if you receive a phishing email, you can prevent your sensitive information from getting into the wrong hands.
 | Did you know? Constant Contact requires all accounts to use Multi-factor Authentication (MFA) to help protect your information. Learn more. |
What is phishing?
Simply put, phishing is the practice of passing oneself off as a legitimate organization via email with the purpose of tricking individuals into revealing their personal information (e.g. usernames, passwords, credit card numbers, social security numbers, etc.).
How to identify a phishing email
While every phishing attack is different, there are a few common things to look out for:
- Misspellings, poor grammar, or typos, especially in links to websites - Phishers will often try to get you to visit a website that is disguised to look legitimate. Even if a web address looks correct in an email, it could redirect you to a different website, so be wary of this.
- Requests for sensitive information - If an email ever asks you to provide your password, credit card information, bank account number, etc., then there is a good chance it is a phishing attempt.
- The email's "From Address" differs from the organization's domain - If you get an email from your bank or from a website you visit, then the email address sending that message should match that organization.
- The email is about something you don't recognize - If you receive an email saying that your order has shipped or that you have won a contest or lottery, but you didn't order anything, enter a contest, or buy a lottery ticket, then it's likely a scam.
- The message is threatening - Be especially wary of any email that says things like "Urgent Action Required," "Your Account Will Be Closed," "Final Warning," etc. Scammers will often try to scare you into giving up information.
- The email is coming from a government agency - Scammers will try to pose as the government to intimidate you, but it's unlikely that a government agency will try to reach out to you through email.
- Suspicious emails that match the seasons - It's not uncommon for a scammer to adapt to the time of year or current events. For example, around the holiday season you may see more scams revolving around packages being delivered and online shopping. And following a tragic event, you may see fundraising scams looking to capitalize on it.
What to do if you receive a phishing message
The actions you took upon receiving the message will determine how you should proceed:
- You got the email, but didn't respond or click on any links - Delete the message and/or report it as Spam. If you received the message at your work email address, you may want to let your IT or Security team know in case anyone else at your company receives a similar message.
- You clicked a link in the email, but didn't enter any information - Run a virus scan on your computer and inform your IT or Security team if the email was sent to your work email address, or if the link was accessed from your work computer.
- You clicked a link or responded to the email and provided sensitive information - First, immediately update any username or password that you may have provided. If you use the same username or password for multiple websites, then be sure to update those as well. Contact your IT or Security team if the email was sent to your work email or work computer, as well as any organization related to the scam. For example, if you provided bank account information, be sure to contact your bank and tell them. Be on the lookout for fraudulent charges, suspicious account activity, or anything that seems out of place. Finally, run a virus scan in case clicking on the link installed any malware.
How to report a phishing email directly to Constant Contact?
If you received a phishing email and would like to report it directly to Constant Contact, please verify that the email was sent through or appears to be from Constant Contact and send the email and/or the email headers directly to reportphishing@constantcontact.com. If more information is needed, you may be contacted by our Compliance team.
To find the email header information:
Microsoft Outlook 2007, 2013, and 2016
- Double-click on the email.
- Click the "Expand" option in the lower right corner of the Options section in the Ribbon Bar.
- Headers are located in the bottom in the "Internet headers" section.
Microsoft Outlook 2010
- Double-click on the email.
- Click the File tab.
- Select Properties. The header information is located in the Internet headers field.
Microsoft Outlook Web Access
- Double-click the message name to bring the email to a full window.
- In the top bar, click the Envelope and Paper icon for message details.
- The headers will display.
- Select and copy the text.
Outlook.com (formerly Hotmail)
- In the left pane, click on Inbox.
- Open the email you want to view the message header.
- In the upper right corner of the message, click the three dots.
- Select "View Message Source."
Yahoo Mail
- In the email message, click the three dots at the top of the email.
- Select "View raw message."
- Copy the headers (right-click and select Copy or Ctrl-C or select Edit > Copy from the file menus on the top of the screen).
Gmail
- In the email message, click the three dots next to the Reply arrow in the top right.
- Select Show original.
- The full headers will appear in a new window.
Apple Mail
- Click on the message for which you want to see the full header information.
- From the menu, select View > Message > Raw Source.
- The full message is displayed with all headers. Select the message header for copying.
AOL Webmail
- Double-click to open the message in the inbox.
- In the toolbar above, click More and choose View Message Source.
- Note: If you have a pop-up blocker enabled, you may need to hold down the Ctrl button as you click View Message Source, or right-click the blocked pop-up message and choose Temporarily Allow Pop-ups.
- This will open a copy of the email with the message headers at the top.
Thunderbird
- Click the message in the Reading pane to open it in a new tab or new window.
- Select View > Headers > All from the menu bar to display the full message headers.
- Copy the message headers that appear at the top of the page, above the email text.