8/24/2004 10:01:54 AM|||Mike|||Scam email
This morning, I had two different emails in my inbox that claimed to be from banks, informing me that I had to click a link to update some account information. Both were fakes. I don't have accounts with either bank. The look was perfect - that's not hard, stealing logos and layout from the bank's web site is simple. The language on one was convincing, the other was a bit off. The second had vague references to possible terrorist activity. I didn't bother to check the return addresses, but in many cases that's a good clue. Major banks have their own domain names and provide any of their employees who are authorized to communicate for the bank with email addresses. No official message from a major bank will have a return address at AOL or HotMail.
The most solid clue was that the links looked like bank web site links, but when I hovered the mouse cursor on them, the real links were quite different from the blue underlined text. If I had clicked on the links, I would have gone to a completely different site from the one I had expected. I suspect the site would have had a form on it, and had I entered the requested information, the bad guys would have had enough of my information to clean out any accounts I had with that bank, and probably open credit card accounts in my name.
Some things to watch for:
- Do you have a relationship with the organization? If you don't have an account there, at best the email is a mistake.
- Is there some good reason why the organization is communicating with you by email and not regular mail or phone?
- Are they asking for information (like passwords) they promised they would never ask for by email?
- Does the return address match the organization? It should be name or function at organization (or something close - sometimes the domain name isn't exactly the organization name) dot com, net, org, gov, or edu depending on the type of organization. Or dot two letter country code that makes sense for the organization. A big bank isn't going to use an AOL or HotMail account for official communication.
- Does the name part of the return address look reasonable - it can be a person's name, or something like 'info' or 'verification'. Names like 'Joe1902013' are often bogus. A legitimate name can often contain a digit or two - I often add '99' to the end of a username if the one I want is already taken. But a whole bunch of random numbers or letters means it is probably randomized to fool anti-spam software.
- Check links before you click them. If you hover the mouse cursor over a link (that means placing the mouse cursor on it and not moving for a while) in many email programs, the software shows you the real link. If the blue text looks like a URL but the real link is different, the message is almost certainly bogus.
- Is the link to an address that has four numbers separated by periods (like "http://12.34.567.12", an IP address) instead of the usual www.something.com? Don't click it. Sometimes it looks like "http://12.34.567.12:www.legitimatedomain.com" - the www.legitimatedomain.com part of that means nothing, you are going to wherever 12.34.567.12 is.
- Is the email supposedly from CitiBank? CitiBank is a real company, completely legitimate and reputable as far as I know. But most of the bogus bank email I receive claims to be from them. Just to be very, very clear - CitiBank is not the bad guy, CitiBank is a frequent victim through no fault of their own. They aren't even guilty of sloppy security - there is no way to prevent bad guys from using your name. You can sue them afterward, if you can catch them, and I'm sure CitiBank does that every chance they get.
P.S. Norton Antivirus just blocked an attachment on an email. The message was "I have visited this website and I found you in the spammer list. Is that true?" The "website" wasn't a link, it was a virus. People are getting wise to offers of wealth, porn, cheap generic super viagra, and enlarged body parts, so the bad guys have taken to accusing people of spamming, fraud, and even suspicion of terrorist connections. When you attempt to answer the accusation, you get hit. Don't answer, don't defend yourself the way they demand. In most cases, ignore it. Don't take it personally, you are one of several million email addresses on a list somewhere. If you think it looks real, contact the institution another way - phone, mail, fax, or even by email or the web - but by looking up the institution's contact information yourself, not by using return information in the email.|||109336331467420444|||