One of my banks sent out some useful tips to avoid being taken in by online villains.
Be extra careful with emails taking advantage of the Covid-19 situation.
Scammers have found a way to pretend to be legitimate merchants, selling masks and other products to entice customers into clicking links in their emails and entering their credit card details and one-time PINs on a fake website.
Regardless of what emails you are looking at, here are some tips to determine whether they come from legitimate merchants:
- Check the sender’s email address.
- Merchants who can afford to have their own website should be able to afford their own email domain. Be careful if the sender is using a public email domain (e.g. '@gmail.com', '@yahoo.com').
- Look for the padlock icon + https.
- A simple yet effective way of checking whether a website is legitimate is to look for a padlock icon in the address bar and an added "S" in the underlying protocol (i.e., https). This means that the website is secure and verified.
- Watch out for spelling or grammatical errors.
- Spelling and grammatical errors are red flags in official communications. These may also be used to make a fake website look real (e.g. www.rnedicine.com vs www.medicine.com; notice that the first letter of the first URL is an 'r', which looks like an 'm' when combined with the letter 'n').
Thanks Citibank Bahrain.
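The sender-domain and lookalike-URL checks from the tips above, as an added Python example (not part of the bank's tips or the original post). The provider list, the merchant list and the lookalike table are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed for this example: public mailbox providers named in the tips, and
# the merchant domains the reader actually deals with (constructed list).
PUBLIC_MAIL_DOMAINS = {"gmail.com", "yahoo.com"}
KNOWN_MERCHANT_DOMAINS = {"medicine.com"}

# Character sequences that read like another letter at a glance (assumed table).
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def normalize(domain):
    """Lower-case a host name and drop a leading 'www.' and trailing dot."""
    d = domain.lower().strip(".")
    return d[4:] if d.startswith("www.") else d


def skeleton(domain):
    """Collapse confusable sequences so lookalike names compare equal."""
    s = normalize(domain)
    for fake, real in LOOKALIKES:
        s = s.replace(fake, real)
    return s


def sender_domain(from_header):
    """Extract the domain from a From: header such as 'Shop <a@b.com>'."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def check_domain(domain):
    """Return the warnings that apply to a sender or website domain."""
    d = normalize(domain)
    warnings = []
    if d in PUBLIC_MAIL_DOMAINS:
        warnings.append("public email domain")
    if d not in KNOWN_MERCHANT_DOMAINS:
        for real in sorted(KNOWN_MERCHANT_DOMAINS):
            if skeleton(d) == skeleton(real):
                warnings.append(f"looks like {real}")
    return warnings


if __name__ == "__main__":
    # Constructed sample inputs: one From: header and two website hosts.
    print(check_domain(sender_domain("Mask Shop <sales@gmail.com>")))
    for host in ("www.rnedicine.com", "www.medicine.com"):
        print(host, check_domain(host))
```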