Maybe this belongs in general questions but I’m not sure that there’s one factual answer.
I received an email appearing to be from Augusta Utilities in Georgia confirming a payment of $75.55. I do not live in Georgia, I have never been in Georgia, and I’ve never done business of any kind with this company. The email refers to my real first and last name.
I’ve checked my bank accounts and credit cards and found no payments of that amount.
The email address I received it at is not one that I’ve associated with anything financial. The first part of the address is my first and last name so it could be some sort of scam that got my name from the email address.
I am not going to click on any links in the email and I’m not going to reply to it. In any case it came from a no-reply address.
It could a phishing attempt or, more concerning, it could be identity theft, but what is there to gain from using my name, but not my money, to pay a utility bill?
Google shows that the company does have a web presence but anyone could create a fake site.
So what’s going on? Does anyone know if it’s a real company?
Can I safely ignore the email? If not, then how should I proceed?
A quick google (which you could have done) shows two hits, both in Augusfta, Gerogia. Both show Google reviews and appear to be what they are–utility sites. I’d look and see if any symbols/addresses/emails on your message matches theirs.
If your message has no information you can use to ID the site, I’d chalk it up to a mis-type and follow Dewey Finn’s advice. Heck, I got notice of a overdue parking ticket from East Cleveland, Ohio for a couple of years when (1) I had never been in East Cleveland and (2) Didn’t drive the car style they were ticketing.
I would look at the Received chain in the email headers and see where it really came from. It would at least be interesting to see if it really came from Augusta Utilities or not.
It’s either a scam or a mistake. Either way, it can be ignored. Heck, it should be ignored, on the chance it is an attempt to connect for whatever reason. The reason is never a good one.
If you decide to contact them, do not use any links from the email, or any of the contact information listed in it. Instead, use information you get off of the official website. It’s likely some sort of phishing attempt.
What about the final part of the address? Is it gmail or something similar that anyone could sign up with? In that case it could just be a mistake and someone with the same name as you forgot that their email has dav1d, not david.
He’s referring to normal email headers. They’re generally not readily visible in email clients. I was reading my email on my phone and I can’t look at the headers there. I’d have to boot up a real computer to get at the headers. I may do that the next time I use my laptop or desktop.
It does require a certain amount of understanding of how mail headers work, but it’s relatively straightforward. I think a moderately non-technical person should be able to learn to do it. This seems to be a good introductory explanation: Email Headers Can Tell You About the Origin of Spam
As I was reading the article it occurred to me that this must be being done already by my workplace’s spam filter (I think it they use one under license). Still, good to learn.
Maybe I’m just mischievous and cheap, but I’d write them back and say “Never used your electricity last month. Please credit my PayPal account $75.55.”
I have a gmail account of the form FirstnameLastname, too, and I get at least two pieces of mail there every week that should go to other people. Not malicious on their parts, I think, just idiocy in not remembering their email address is actually FirstnameLastname21 or something like that when they fill out forms.
Over time I’ve learned quite a bit about my name-mates, who live in two far apart from me and each other states. I know the name of one of their GPs, I know the florist one hired for a party, I know one of them is seeking estimates to have her roof redone, and the other’s daughter is apparently acting up – on and on.
I used to try to inform the senders they had the wrong address, but so many are ‘do not reply’ types… Now I use the unsubscribe links if the mail includes one, then just delete them.
That assumes nobody is faking the header. Spammers frequently pad an email header to fake the true origin. This makes it hard for software to detect such fakes and sometimes even a knowledgeable human will be stumped.
A spammer can spoof any email headers, but they can’t make the spoofed headers appear before the real Received headers that the servers add. Basically every email begins with one or more real Received headers, followed by zero or more spoofed Received headers. Since the headers are linked to each other, you can detect which one(s) are spoofed. The article that I linked to in #13 explains how to do this.