then delete. Easy. This, if you don't recognize the sender, but sometimes even when you do. They can easily spoof an email, meaning it looks like it was sent by say your bank, but it was not.

The real clues are when they give a direct link to log-in, especially to a bank site. Banks do not do this and if they do, get a different bank. Amazon also is another to be highly suspect. Basically suspect all, and then choose who to trust. I've been almost taken in a time or two because the email looked legit but the link was the giveaway -- if you can, click a copy the link, then when you paste it somewhere you can see if it's actually the site you think it is. If it says, "mysite.amazon.somewhere.com -- it's not from Amazon, it's from somewhere.com -- the last bit, before the .com or .whatever is the actual site.

Email could have been hacked.

👋

A few people I know have had email hacked & only found out when friends alerted them.

Just fyi, about 100% of the fake email that I've gotten from my friends has been forged. I.e. my friends' email system was not hacked, but their contact list was acquired(*). So the spammers would just generate fake email from one of them to all of their friends.

Sadly faking email is very easy to do (almost as easy as spoofing caller-id), and looking at the raw email headers to deduce if it's a forgery is a technical skill that's not super easy to teach.

(*) This is one big reason I hate sharing my contact list (address book) with services like Skype or WhatsApp.

I'm not techie enough to know about such things. 😊

Just reading an email is generally safe.

Opening unexpected attachments or clicking on web links is generally a terrible idea. Use whatever tools you have in your email reader to check a link before clicking on it, and then still be very careful that the link goes where you expect. And basically never open an attached file that you've not requested.

But ... there is more one thing. Email often has "remote content" associated with it. Pretty images and logos and stuff. And from both good guys and bad guys, this "remote content" is frequently tagged with a unique id so they can track that you have opened their email to you.

And when you've read an email from a bad guy, that basically triggers more junk email, since they've identified a live account.

Almost all email software have some kind of preference setting to "load remote content" automatically or wait until you ask for it. I tend to leave it disabled, but others find the convenience of seeing all of an email right away outweighs the inconveniences of getting more junk mail. Your choice!

I really appreciate it. Aloha