Here's a public service reminder: Never click on links in an e-mail. Ever!

Now, let me say that I don't always heed this advice myself, but I should. And today, I'm glad I did.

I got an e-mail today with the following subject:

Important Notification

That's all. I noted that the sender of the e-mail was alleging to be someone from the Jefferson Parish Employees FCU (Federal Credit Union). Recalling back to all the geographical information that was foisted upon me during the Hurricane Katrina fallout, I knew that Jefferson Parish was a county-like area in Louisiana – and one which I had never visited, let alone had accounts in the local credit union.

So, I did a quick investigation. First, looked at the e-mail address. Since I use Google Mail's online interface, this was as easy as clicking the "Show Details" next to the Sender line to display all of the e-mail headers. I saw that the sender was from the jpefcu.org domain. I then compared that e-mail address to the "click here" link in the body of the e-mail. The link was pointing to the jpefculogin.org domain.

Something was definitely phishy.

Since I had not had any interaction with Jefferson Parish Employees FCU – and I didn't even know whether it existed – I googled it. Sure enough, it's an actual FCU, and their domain name actually is jpefcu.org. Trusting Google more than I trust a random e-mail in my inbox, I went to the JPEFCU site, scrolled down a bit and saw the following in big red text in the middle of their page.

Phishing Scam Alert!

Sure enough, my suspicions were correct. Someone was trying to get me to click on a link and provide some kind of login information. I wasn't about to do that, though, so I just trashed the e-mail.

Researching the scam

I mentioned above that you should never click on links in e-mails, and here's why. As evidenced by the e-mail I got, sometimes the web addresses in e-mails are very similar to legitimate URLs. It might seem reasonable to some that jpefculogin.org belongs to JPEFCU, but in fact it doesn't. I know this, because I looked up the WHOIS record, which gives information about who owns domain names.

Comparing the WHOIS records for jpefcu.org and jpefculogin.org shows clearly that the two domains do not belong to the same individual or company.

• jpefcu.org shows all the signs you'd expect of a domain owned by a business – registrant organization is listed as "Jefferson Parish Employees FCU" and the address jives with the one brought up by Google Maps.
• jpefculogin.org on the other hand is rather sketchy – It belongs to someone named Jessica Marine (assuming that's a real name) who's address is a P.O. box in Tupelo, Missouri.

Unfortunately, most people don't bother, or know how, to check the links e-mails like I did. And that's okay, because for most scams I don't bother to either. In fact, you don't have to go through all this trouble.

What you can do instead is use a bookmarks that you create, and then always use those bookmarks to access any financial or other sensitive information. You can do this using the simple functionality of your browser, or you can set up bookmarks at places like delicious or another online bookmarking service. I personally use my Firefox browser-based list along with a plugin called Foxmarks that syncs my bookmarks between different computers that I use.

With this setup, whenever you get an e-mail about some financial information, instead of clicking on the link in the e-mail, you can use your bookmarks. That way, you know that the link you are clicking is a legitimate one, because you're the one who set it up.

Stay safe!