A family member had the same question recently. Following is an excerpt of an email I sent back. Hopefully it is helpful! When the email came in, it seemed legit. I get personal emails from people from time to time, as I am sure you do. When I opened it, the message seemed appropriate, and the link looked legit. By then I spotted a couple of things, mentioned below. But I clicked on the link to see where it would take me. 1) When I clicked on the link, it took me to a sign in page for ****. I was already signed in, and I knew my browser would know this. There was no reason for me to sign in again. So I looked at the address bar at the top of the screen. 2) It was an 'FTP' site (File Transfer Protocol). FTP is the 'internet caveman' version of sending files and information online. Now they use faster, more productive means. 3) Legitimate sign in pages begin with 'HTTPS:'. The 'S' means 'Secure'. Never give personal information over a site that does not begin with HTTPS! So I "X-ed out of it" (Closed the window), and hovered over the link contained in the email. 4) In the lower left of your screen there should be some text that pops up when you hover over links. What you SHOULD see is a matching email address or destination. If not, the sender of the email could be trying to deceive you with a 'bait and switch' using the visible email, and the destination. I actually usually start with #4. Hopefully this was helpful! Following is the actual message that was sent.
... View more