
Recognizing a Phishing Email

A phishing email may appear as a legitimate message, requesting you to confirm personal information for some stated reason.  Or maybe the message is requesting immediate action on your part with threats of legal action if ignored. Phishing emails are crafted to trick or frighten you into action, usually by clicking a link or opening a file that will infect your computer with malware. A goal of phishing emails is to steal your personal information and extract monetary value. People unknowingly fall victim to phishing emails daily. Here are ways to spot phishing attacks.

Common things to look for in emails:

  • The “To” field is blank, an obvious sign it could be a phishing email. A reputable company would include your email address.
  • The sender email address does not match the naming convention (standard format) used by the company. For example, doe@mail.nu.visa.com as opposed to john.doe@visa.com.
  • Bad grammar, spelling mistakes and incorrectly used phrases.
  • The email contains an unexpected attachment that you did not request.
  • You are asked to click a link and confirm personal information (e.g., banking, medical, or logon credentials).
  • The email is attempting to create a sense of panic or fear and requires an immediate response on your part.

Phishing emails are becoming more sophisticated in appearance and grammar.  Cybercriminals are going to painstaking lengths to ensure the email looks official. However, when an email makes a request that you wouldn’t normally expect, it’s often a strong indicator that it’s not from a trusted source.  A recommended practice is to always scan attachments with anti-virus software prior to opening.  Links in email can hide the true URL, so always hover the mouse pointer over a link and inspect the address first. These steps will help you filter and detect phishing emails in your inbox.
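
For mail administrators, three of the checks above (blank “To” field, sender domain that does not match the company, link text that hides a different URL) can be automated. The following is an added example, not part of the original page; the names check_message, expected_domain and SAMPLE are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def check_message(raw, expected_domain):
    """Return the checklist indicators found in a raw RFC 5322 message."""
    msg, findings, parser = message_from_string(raw), [], _Links()
    if not [a for _, a in getaddresses(msg.get_all("To", [])) if a]:
        findings.append("blank_to")
    # Assumption: "naming convention" is reduced to an exact sender-domain match.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] != expected_domain:
        findings.append("sender_domain_mismatch")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    # Compare hosts only when the visible link text itself looks like a URL.
    if any(URLISH.fullmatch(t) and _host(t) != _host(h) for h, t in parser.links):
        findings.append("link_text_mismatch")
    return findings

# Constructed sample message, not a real email.
SAMPLE = ("From: Visa Support <doe@mail.nu.visa.com>\nContent-Type: text/html\n\n"
          '<a href="http://login.example.net/verify">https://www.visa.com/account</a>\n')
print(check_message(SAMPLE, "visa.com"))
```

A clean result does not prove a message is safe; the remaining checks in the list still need a human reader.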

When in doubt, do not open any attachments and do not click any links. Even if you know the source, if something seems suspicious, delete it.  If you believe that the email is genuine, you should contact the sender or organization directly.

Remember to take a moment to stop and inspect an email before replying.