
How to Spot a Phishing Email

Estimated reading: 5 minutes

As the first person who reads and interacts with their email, you are the first line of defense your organization has against phishing emails. Phishing emails are scams that can cause serious damage to computer networks by introducing malware, stealing important credentials, and exposing your organization to breaches of private data. Learning how to spot and handle these emails can help maintain data security for you and your organization. Here is a quick Top Ten list for how to detect and deal with a phishing email.

1. Don't trust the sender.


Always look at the actual email address, not just the name shown next to it, to confirm the true sender. The display name is free text chosen by whoever sent the message, so "Jan the Boss" can sit in front of any address at all. Phishing emails are often sent from an address that looks similar or nearly identical to a trusted source but has a misspelling, a swapped character (such as "rn" for "m" or "1" for "l") or a different domain name. The "from" address itself can also be forged outright, so expand the sender's name to see where the email really comes from, and treat a warning banner from your mail system as a reason to stop even when the address looks right.


It turns out that Jan is not actually the Boss.

Many mail systems add a warning banner at the top of messages that come from outside your organization or from a sender you have not corresponded with before. Look for these types of notices at the top of your email.

2. Look don't click.


Hover your mouse pointer over links without clicking. The tooltip or status bar shows the address the link actually goes to; if that address looks strange or doesn't match the text of the link, don't click on it. Don't automatically trust shortened links (e.g., bit.ly), since the shortener hides the real destination.


The actual URL may also appear at the bottom left of your screen when hovering.
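The sender and link checks in items 1 and 2 can be automated when you have the raw message, for example one that a user forwarded to the help desk as an attachment. The following Python script is an added example and is not part of this article or any product it mentions; the sample message, the trusted domain `example-corp.com`, the shortener list and the lookalike folding rules are constructed for illustration. It parses the headers, compares the sender domain against the trusted domain after folding common character substitutions, checks that Reply-To points back to the same domain, and compares what each link says with where its `href` actually goes.

```python
"""Header and link red-flag checks for a raw email (added example)."""
import email
import unicodedata
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phish): the display name claims
# to be the boss, the address is on a lookalike domain, the Reply-To goes
# elsewhere, and the link text shows a different URL than the href.
SAMPLE = b"""\
From: "Jan Smith (CEO)" <jan.smith@examp1e-corp.com>
Reply-To: jan.smith@freemail.example
To: you@example-corp.com
Subject: Urgent: wire transfer needed today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please approve the invoice at
<a href="https://bit.ly/3abcdef">https://portal.example-corp.com/invoices</a>
before 5pm today.</p>
</body></html>
"""

# Assumed for this example: the organization's real domain(s) and a few
# well-known URL shorteners.
TRUSTED_DOMAINS = {"example-corp.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}


def skeleton(domain: str) -> str:
    """Fold common lookalike substitutions so 'examp1e-corp.com' and
    'rnicrosoft.com' compare equal to the domains they imitate."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    for fake, real in (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")):
        d = d.replace(fake, real)
    return d


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(raw: bytes) -> list:
    """Return the red flags found in the message headers and links."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []

    # 1. Don't trust the sender: the display name is free text; the
    #    address domain is what matters, and lookalikes are common.
    _name, addr = parseaddr(str(msg["From"]))
    from_domain = domain_of(addr)
    if from_domain not in TRUSTED_DOMAINS:
        flags.append(f"sender domain {from_domain!r} is not a trusted domain")
        if skeleton(from_domain) in {skeleton(d) for d in TRUSTED_DOMAINS}:
            flags.append(f"sender domain {from_domain!r} is a lookalike of a trusted domain")
    if any(ord(c) > 127 for c in from_domain):
        flags.append("sender domain contains non-ASCII characters")
    reply_to = msg["Reply-To"]
    if reply_to:
        reply_domain = domain_of(parseaddr(str(reply_to))[1])
        if reply_domain != from_domain:
            flags.append(f"Reply-To domain {reply_domain!r} differs from From domain")

    # 2. Look, don't click: compare where a link says it goes with where
    #    it actually goes, and treat shorteners as opaque.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = urlparse(href).hostname or ""
            if target in SHORTENERS:
                flags.append(f"link goes through URL shortener {target!r}")
            shown = urlparse(text).hostname if text.startswith("http") else None
            if shown and shown != target:
                flags.append(f"link text shows {shown!r} but href goes to {target!r}")
    return flags


if __name__ == "__main__":
    for flag in check_message(SAMPLE):
        print("-", flag)
```

Run against the constructed sample, the script reports five flags: an untrusted sender domain that is also a lookalike of the real one, a Reply-To on a different domain, a link routed through a shortener, and link text that names a different host than the `href`. The folding in `skeleton` is deliberately crude; it is applied to both sides of the comparison, so it only needs to make imitations collide with their targets, not to be reversible.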

3. Check for spelling errors.


Phishing emails often contain more spelling and grammatical errors than an email from a trusted source. The spacing or layout of the email may also look disorganized or awkward to read. Look out for strange characters like “ⱱᴼ१©⋲ℳᾀἾḶ”.


I'm going to guess that they aren't actually our "freinds" (friends).

4. Consider the greeting.


Generic or unfamiliar greetings are common in phishing emails. Check to see if the sender addresses you directly and if the greeting lines up with your organization's typical style of correspondence.


Not only is the greeting vague, but what does "out of limits" mean? That account better be back by 10pm!

5. Be wary of requests for personal or sensitive information.


Legitimate organizations and businesses have protocols for collecting and sending sensitive data (such as passwords, bank information, and even contact information) and are very unlikely to ask you to send them via email. Login credentials are sensitive information and should never be sent over email or text message.


The above email has at least 5 red flags, but if the email isn't read carefully, it's easy to miss them.

6. Beware of urgency.


Be wary of emails that use a sense of urgency to pressure you into acting. If there is a genuine emergency that requires you to transfer money immediately, in your company or your personal life, it is unlikely to be communicated only by email.


Scammers may also use threatening language to inspire an urgent call to action.

7. Check the email signature.


When verifying a sender, use contact information from a previous correspondence, the company directory, or a public listing, not the details in the suspicious email itself. Scammers can edit signatures, so do not automatically trust the contact information (phone number or email address) the email provides.


"Yours Truly, Bill Gates" would have been a more believable signature.

8. Be skeptical of attachments and links.


Scammers might try to trick you into opening an attachment or clicking a link to a file sharing site. Not expecting a file? Follow up with the sender via phone or in person and confirm they sent the email before you open any attachments.


The subject line says the message is 57 seconds, but the message says 27 seconds.
Nice try, "WIRELESS USER".

Warning

Be extremely cautious of file sharing sites that ask you for your Office 365 login information. A file-sharing page has no need for your email password; a page that asks for it is collecting credentials.

9. Stay up to date on the services your organization uses.


It's important to know what services your organization uses. Be cautious of emails from unfamiliar vendors or with links to services your organization doesn't use.


It stands out when a voicemail notification comes from "accounts payable invoices" and the truly impressive icon is a PDF. Points for covering their bases.

Advice

Dropbox has at least 5 legitimate email addresses it sends mail from. If your organization does not typically use Dropbox, the safest thing to do is contact the sender and verify their email.

10. When in doubt, reach out.


If the sender is someone you trust, contact them and verify they sent you the email. If the email is from someone you don't know or trust and it contains any of the red flags mentioned in this article, it's very likely a phishing email and you can report and delete it. If you're still unsure about the legitimacy of an email, please contact us and we can help you out.

Every time you open an email, look out for these signs of a phishing email. Everyone who opens email at your organization should familiarize themselves with them, too. Look over the screenshots below for more examples of phishing emails.
