Many emails “seem” to come from Legitimate Companies


The email above looks like it came from The supposed email address looks correct. It has official looking logos and even the website link looks legitimate. However … it is not.

Who Sent this Email?


So it looks like security at sent this email. Did they really?

Reveal Long Headers


If you are curious … and would like to see where this email came from, select the email. Then view long headers. The exact menu item for this varies with the email application you are using, but generally it is under the “View” menu. In from Apple, click on the “View” menu, then “Message” and then “Long Headers”.

Who sent the email …. REALLY?


You will then see all of the header information contained in the email. Don’t get overwhelmed with all of the detail … just look at the example above and note the the “From” address shows That could be any address that the sender chose to put there. In reality, it came from a server called “”. That’s a far cry from Chase. Who is Who knows, who really cares (unless that is your domain and someone has hacked it to send phishing emails). The point is that it is NOT … and the email is bogus. Delete the email!

Asking you to log on and change/update information


Banks and other financial institutions NEVER ask you for your account information via email. So this is a CLEAR indication that the email is phishy! Do Not Click the link! DELETE THE EMAIL.

Best Practices

  • If you are suspicious at all … Do not open the email. Delete it immediately.
  • Contact your financial institution via phone or by going directly to their website.
  • Do NOT click on any link in the email
  • Ensure that your online passwords are at least 8 characters long
  • Contain no dictionary words or other easily identifiable elements such as birthdays, pet names, kids names etc.
  • They are not used for any other purpose. Having one password for everything may be easier to remember, but remember that if a thief gets ahold of it, they have the keys to the castle … anything that uses that password is their for the taking.