How to Spot a Phishing Email: 9 Telltale Signs


Phishing emails, sent by cybercriminals in an attempt to dupe recipients into disclosing personal information, have become more and more prevalent, and as techniques continue to advance, they’ve also become harder and harder to recognize. In the past, cybercriminals would cast a wide net and hope for a bite, but modern phishing emails are often personalized and made to look like they came from a person or organization that the recipient is familiar with.

Despite the advances in cybercrime technology, it’s still possible to tell the difference between a phishing attempt and an authentic email – you just have to slow down and look for the signs.

Here are 9 signs to recognize a phishing email:

1. Unknown Sender

First, check to see who the email is from. While it’s not unusual to receive email from someone you don’t know, this is a good signal to thoroughly investigate the rest of the email before clicking any links or responding.

2. Email Address Doesn’t Match Sender

Make sure that the email address of the sender matches up with the name of the supposed sender. For example, if the From name is “John Smith”, the actual email address should not be something like “markclark[@]”.

3. Urgency

Phishing emails with statements like “Act Now!” attempt to push you into clicking a link or downloading an attachment quickly, before you’ve had time to evaluate the situation.

4. Threats

Often, cybercriminals try to scare victims into giving away their information with statements like, “Your account will be deleted if you don’t click this link.” A trustworthy organization will not threaten you.

5. Logos That Aren’t Current

Many phishing attempts appear to be from reliable organizations, sometimes even sporting legitimate logos. However, the logos used in phishing attacks are often dated, so it’s important to stay up to date on the most current logos in place on the platforms you use.

Microsoft Office Logos
Examples of old Microsoft Office logos and how they have evolved over the years.

6. Blatant Grammatical Errors

Everyone makes mistakes, but an authentic email should not be riddled with grammatical errors and misspellings.

7. Slight Spelling Errors in URLs & Email Addresses

Some spelling mistakes aren’t actually mistakes at all, so keep an eye out for minor misspellings in URLs, email addresses, and logos – for example, 0ffice365 vs Office365.

8. Unusual Links

If you see an unusually long link in the body of the email, or a link that just looks like a long string of numbers, it would be wise to further investigate before clicking.

9. Unsecure Links

More importantly, if a link does not begin with “HTTPS” (as opposed to “HTTP”), avoid clicking it. You can hover over hyperlinks to get a preview of the attached link before you click on it.
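
The sender and link checks in signs 2, 7, 8 and 9 can be run automatically over a message. The Python script below is an added example, not part of the original article; the brand list, the 100-character length threshold and the sample message are constructed assumptions, and it only reads single-part plain-text bodies.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address
from urllib.parse import urlsplit

BRANDS = {"office365"}                 # assumption: services your users really use
LOOKALIKE = str.maketrans("01", "ol")  # digit-for-letter swaps, e.g. 0ffice365
SKELETONS = {b.translate(LOOKALIKE) for b in BRANDS}
MAX_URL_LEN = 100                      # assumption: cut-off for "unusually long"

def is_ip(host):
    """True when the link host is a bare IP address (a 'string of numbers')."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def check_email(raw):
    """Return the sorted article sign numbers (2, 7, 8, 9) the message trips."""
    msg = message_from_string(raw)
    signs = set()
    name, addr = parseaddr(msg.get("From", ""))
    local = addr.split("@")[0].lower()
    words = re.findall(r"[a-z]+", name.lower())
    if words and not any(w in local for w in words):
        signs.add(2)  # display name shares nothing with the address
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload(), re.I):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        for label in host.split("."):
            if label not in BRANDS and label.translate(LOOKALIKE) in SKELETONS:
                signs.add(7)  # near-miss spelling of a known brand
        if len(url) > MAX_URL_LEN or is_ip(host):
            signs.add(8)
        if parts.scheme == "http":
            signs.add(9)
    return sorted(signs)

# Constructed sample message using reserved example domains and addresses.
SAMPLE = """\
From: "John Smith" <markclark@example.com>
Subject: Act Now!

Your account will be deleted if you don't click this link:
http://0ffice365.example/login
http://192.0.2.10/verify
"""

if __name__ == "__main__":
    print(check_email(SAMPLE))
```

A hit on any of these is a reason to inspect the message more closely, not a verdict; the name-versus-address check in particular is a heuristic and will flag legitimate shared mailboxes.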
