How to spot a phishing e-mail

A phishing e-mail is a bogus e-mail that is carefully designed to look like a legitimate request for personal information, or to get you to open a malicious attachment that appears to come from a source you trust. It is one of the cheapest and most effective ways to compromise end user PCs and accounts.

Often these e-mails look 100% legitimate and show up in the form of a PDF (scanned document) or a UPS or FedEx tracking number, bank letter, Facebook alert, bank notification, etc. That’s what makes these so dangerous – they LOOK exactly like a legitimate e-mail. So how can you tell a phishing e-mail from a legitimate one? Here are a few telltale signs…

  1. Hover over the URL in the e-mail (but DON’T CLICK!) to see the ACTUAL website you’ll be directed to. If there’s a mismatched or suspicious URL, delete the e-mail immediately. In fact, it’s a good practice to go to the site directly (typing its address into your browser) rather than clicking on the link to get to a particular site.

  2. Poor grammar and spelling errors are another sign, but as phishing gets more sophisticated, you might not see these errors.

  3. Another warning sign is that the e-mail is asking you to “verify” or “validate” your login or asking for personal information. Why would your bank need you to verify your account number? They should already have that information.

  4. And finally, if the offer seems too good to be true, it probably is.
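The “hover over the link” check in tip 1 compares the address a link displays with the address it actually points to. The same comparison can be done by a mail gateway or a help-desk triage script. The following Python script is an added example, not code from the original article: it parses an HTML message body with the standard library, collects every anchor, and flags any link whose visible text names a different domain than the `href` really resolves to. The sample message, the domain names (reserved `example.com` / `example.net` / `192.0.2.10` addresses) and the rule that a bare IP address as the link host counts as “suspicious” are constructed assumptions for the demonstration.

```python
"""Flag deceptive links in an HTML e-mail body: the visible link text claims one
domain while the href points to another (tip 1 of the article, automated).

Added example with constructed sample data; not part of the original article.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a hostname or URL inside the visible link text.
_DOMAIN_RE = re.compile(
    r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.IGNORECASE
)
_IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def _strip_www(host: str) -> str:
    """Drop a leading 'www.' so 'www.example.com' and 'example.com' compare equal."""
    return host[4:] if host.startswith("www.") else host


def host_of(url: str) -> str:
    """Return the lowercase host part of an href, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return _strip_www((urlparse(url).hostname or "").lower())


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html: str) -> list[tuple[str, str, str]]:
    """Return (visible_text, href, reason) for every link that looks deceptive.

    reason is 'domain-mismatch' when the text names a domain that is neither the
    href's host nor a parent of it, or 'ip-host' when the href's host is a bare
    IPv4 address (assumed to be suspicious; the article does not define the term).
    """
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        actual = host_of(href)
        match = _DOMAIN_RE.search(text)
        if match:
            claimed = _strip_www(match.group(1).lower())
            if claimed != actual and not actual.endswith("." + claimed):
                findings.append((text, href, "domain-mismatch"))
                continue
        if _IPV4_RE.fullmatch(actual):
            findings.append((text, href, "ip-host"))
    return findings


# Constructed sample message body (reserved example/TEST-NET names only).
SAMPLE_EMAIL = """
<p>Your account has been locked. Please sign in below to restore access.</p>
<a href="http://example-bank-secure.example.net/login">https://www.example-bank.com/login</a>
<br>
<a href="https://www.example-bank.com/help">Help centre</a>
<br>
<a href="http://192.0.2.10/login">Verify your account</a>
"""

if __name__ == "__main__":
    for text, href, reason in find_mismatched_links(SAMPLE_EMAIL):
        print(f"{reason}: link text {text!r} actually points to {href}")
```

Run against the constructed sample, the first link is reported as a domain mismatch (the text advertises `example-bank.com`, the `href` goes to `example.net`) and the third as an IP-address host; the “Help centre” link, whose text names no domain and whose host is the legitimate one, is left alone. The check deliberately treats a subdomain of the claimed domain as a match, so `login.example-bank.com` would not be flagged when the text says `example-bank.com`.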

Phishing testing and security awareness training are great ways to improve phishing awareness and reduce organizational risk.

To learn more about how to spot phishing emails, download our Social Engineering Red Flags cheat sheet (PDF).