Most of us know to be skeptical of suspicious emails. But here’s something worth understanding: the same email that looks obviously fake on your computer can look completely legitimate on your phone. That’s why you have to be especially vigilant of emails and text messages on your mobile device. The fraudsters hope you aren’t.
A recent article by Mike Piper at Oblivious Investor illustrates this well. He received a phishing email designed to look like a Vanguard statement notification. On desktop, the red flags were immediate — the sender’s email address was nonsense, and hovering over the links revealed they pointed to a scam site rather than Vanguard. On his phone, none of that was visible without going out of his way to look for it.
Here’s why mobile is the more vulnerable environment:
- Most mobile mail apps show only the sender’s name, not the email address. You’d have to tap through to reveal it — and most people don’t.
- Similarly, you can’t hover over a link on a phone to preview where it actually goes. You either tap it or you don’t.
- Once you’re on a page, your mobile browser may only show a fragment of the URL — enough to see “vanguard” at the beginning without realizing the actual domain is something like “com-payments-us-vanguard.com,” which any fraudster can buy.
The good news is that the most effective protection is simple: don’t interact with inbound communications that ask for anything.
- No clicking on links
- No replying
- No providing information
- If an email looks like it might be legitimate and require a response, close it and go directly to the company’s website by typing the address yourself, or call the number on the back of your card.
This is especially worth keeping in mind for anything related to your financial accounts. The stakes are high, and the effort required to be cautious is low.
👋🏻 Just so you know, I used AI to help come up with the base content here, and then I tweaked it.