10 Ways to Spot a phishing email

Phishing emails are quite prevalent these days. Below are some ways to spot malicious emails.

“Phishing” is an attempt to obtain sensitive information such as usernames, passwords, and/or credit card details (and, indirectly, money), often for malicious reasons, by pretending to be a trustworthy entity in an email. ^[1] Phishing can also occur over the phone or on websites, but email is the most common means.

Millions of phishing emails are sent to unsuspecting victims all over the world everyday. Some phishing messages are so ridiculous that it is easy to identify them as frauds. Others can be more deceptive. Below are ten things to look for when trying to decided if an email is legit.

1: The email contains a mismatched web address

Oftentimes the URL (aka. web address) in a phishing message will appear to be valid. BUT, if you hover your cursor over the URL, you can see the actual hyperlinked address (often at the bottom of the screen). If the hyperlinked address is different from the address that is displayed, the link could be fraudulent or malicious.

2: Website address is misleading

This trick is often used by scammers as a way to convince people that a message came from a reputable company like Amazon, Apple, or your bank etc. The scammer creates a web address that looks like it’s from a reputable company. It could look something like amazon.badcompany.com or usbank.scammersRus.com. It likely won’t be that obvious, but you get the idea. The word before the “.com” is what matters in computer-speak, so make sure it’s legit before clicking on it. And if you’re still not sure, it’s best to just type a web address directly into the browser search bar.

3: The email contains misspellings and bad grammar

This is often a tell-tale sign of a scamalicious email. If a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal or customer relations department. It likely originated from Russia, China, or a poor eastern European country.

4: The message asks for personal information

Scammers often trick people to give up personal info by saying something like, “your account is going to be closed unless you update your account information with us ASAP.” If you are still unsure if the email is really from your bank or the company they claim to be, call the company directly, or email them through their website. Do not click any links in the email. That’s exactly what they want.

5: The offer seems too good to be true

This holds especially true for email messages. If you receive an email from someone unknown to you who is promising you the moon, the message is a scam.

6: You didn’t initiate the action

If you get an email that says you have won the lottery or a contest you did not enter, you can bet your bottom dollar that it is a scam.

7: You’re asked to send money

You might not asked in the initial message. But sooner or later, they will ask for money to cover expenses, taxes, fees, shipping etc. If that happens, you know it’s a scam. But hopefully you didn’t click on their questionable links to get this far.

8: The email makes unrealistic threats

We touched on this above, but this is a common one. For example, people have received official-looking emails allegedly from their bank. Everything may look real, but then it will say something like “your account has been compromised and if you do not submit a form [along with your account number] and two picture IDs, your account will be canceled and a judgement will be placed against you.”

A real company won’t send an email like this.

9: The message appears to be from a government agency

Sometimes emails claim to be from a law enforcement agency, the IRS, the FBI, or some other agency. US government agencies don’t normally use email as an initial point of contact, so it’s more than likely fake.