Tutorials

10 quick tips to identifying phishing emails

Avoid falling victim to a phishing attack with these 10 quick tips

Now that it’s 2020, there’s a good chance everyone has heard of phishing emails and is familiar with how it works. Unfortunately, some people continue to fall for phishing emails. 

Faud, in general, is on the rise, but phishing is really booming. Phishing attacks account for a whopping 60% of fraud attacks in the fourth quarter of 2019, according to the RSA Quarterly Fraud Report. Why do so many people still fall for phishing emails? Simply put, we don’t pay close enough attention to our emails.

In a phishing attack, someone sends you an email in an attempt to break into your computer or your company’s network, steal your identity, or get you to send them money. 

Advertisement - Article continues below

Phishing attackers send out thousands of emails to random addresses hoping a few recipients will open them. It’s like casting a wide net into the open ocean hoping to catch some fish -- hence the name. 

Many phishing emails are very convincing, making you believe you’ve received correspondence from a company you do business with. Fortunately, if you know what to look for, there are telltale signs it’s a scam. 

Here are 10 tips for identifying a phishing email.

1. You have no account with that company

If you get a message like, “Please update your PayPal account!” but you don’t even have an account with the company, that’s a pretty big red flag. 

Advertisement
Advertisement - Article continues below

While you might pause to think, “What if someone opened an account in my name?” you still don’t want to open this email. Go directly to the company in question and request help.

2. The email account isn’t connected to the company

What if you do have a PayPal account, but it isn’t connected to the email account where you received the message? If you’ve never told the company about your other email account, it shouldn’t send emails to that account. 

Advertisement - Article continues below

It’s that simple. Delete!

3. The return email address isn’t normal

This is one of the easiest ones to overlook, but one of the most surefire ways to spot a bogus email. 

If you get an email from a known company, the email should come directly from that company. If it’s a bill from Netflix, it should come from something like billing@netflix.com. 

If there are extra letters or numbers in the return email address, it is not legit. Even if there is a minor error like billing@netflex.com, it’s a trick.

4. The email asks you to confirm personal information

You’ve probably heard this before, but let it sink in -- reputable companies will never request personal information like your Social Security number, account numbers or account PINs via email. 

Even if everything else in the email looks legit, this is a giant red flag. Never click a link from an email you weren’t expecting and provide personal information. Ever.

5. The email is poorly written

Typos happen. That’s not exactly what we’re talking about here. We’re talking about consistently missed words or poorly phrased sentences, which are clear signs a non-native English speaker wrote the email. 

Advertisement - Article continues below

Reputable companies don’t let that happen. They have editors and proofreaders who verify their emails look professional before they’re sent out. 

6. There is a suspicious attachment

Attachments are pretty common, so we don’t worry about them too much, but we should. 

If you see an email with an unexpected attachment, be suspicious. Most reputable companies will ask you to download assets from their website and will not send you an attachment. 

7. The message is super urgent

A favorite tactic of phishing scams is to put the pressure on right away. The email may claim you have missed a payment, owe the government money or have been recorded through your laptop’s camera. 

Advertisement
Advertisement - Article continues below

These tactics are intended to make you panic and rush to respond to the situation, which means you’ll click on their links to get to the bottom of it. Boom. You’re a phish on the hook!

Don’t respond to high-pressure emails unless you know the reason it appeared. Even if you’re late on your credit card payment and receive a nastygram from your credit card company, don’t use a link from that email to pay or put in information. Go directly to the website.

8. The email doesn’t use your name in the greeting

Does this look familiar? “Dear valued customer” or “Greetings, friend.” Yeah, this is a dead giveaway that an email isn’t from a source you know or work with regularly. 

Advertisement - Article continues below

Any company you have an account with should know your name and use it in emails. That’s standard stuff. If you’re not greeted by name, the sender doesn’t know you, and you probably don’t know them (and don’t want to).

9. The whole email is a hyperlink

If your cursor turns into the pointing hand no matter where it is on the email, the entire email is one giant hyperlink. Why? If the whole email is a hyperlink, any random mouse click delivers the sender’s virus or malware. 

Why wait for you to open an attachment if the hacker can get you with any click? This one is fairly easy to spot and a dead giveaway.

10. The email is from a public domain

If you get an email claiming to be from a business you know and trust, but the sender’s email address is from a public domain like @gmail.com or @outlook.com, this is another red flag. 

Businesses that frequently send out emails have their own domain names, and all emails should come from that domain. If Jill is claiming to be from Verizon, but her email is Jillydill@yahoo.com, you know it’s at least spam but very likely a phishing attempt.

What should you do if you’re not sure?

If you get a puzzling email, pause before doing anything with it. Go over this list and look for clues. If you’re still not sure, the best thing you can do is contact the company in question directly, not through that email. 

Advertisement - Article continues below

Go directly to the company’s website or call the company and explain what you saw in the email.

It’s possible you’ll alert the company of a fraud scheme it is unaware of. You may also learn the email is legit. Either way, by contacting the company directly, you’ve avoided the unnecessary risk from a phishing attack.

How do I report a phishing email?

If you’re fairly certain you have a phishing email on your hands, you can report it to the FTC or forward it to spam@uce.gov and reportphishing@apwg.org. 

Keeping a watchful eye on your inbox and reporting suspicious emails is your best bet to fight back against phishing.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/business-strategy/careers-training/356422/ibm-job-ad-calls-for-12-year-experience-with-6-year-old
Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/software/development/356420/linux-kernel-to-strip-out-racially-insensitive-terms
Development

Linux kernel to strip out racially insensitive terms

13 Jul 2020