phish

Phishing emails, vishing calls, and smishing text messages are scams that try to collect your personal or financial information. Unfortunately, phishing emails have become so realistic that scammers can easily trick people into thinking their emails are from legitimate companies. Here are 7 (seven) tips on how to spot email phishing scams.

Seven Tips

  1. Sense of urgency: Phishing emails often create a sense of urgency by claiming that you need to act immediately to avoid a negative consequence, such as your account being suspended or closed.
  2. Strong emotions: Phishing emails may also try to invoke strong emotions, such as greed or fear, to get you to act without thinking. For example, they may offer you a prize that is too good to be true or threaten you with identity theft if you don’t provide your personal information.
  3. Requests for personal information: Phishing emails often ask for personal information, such as your passwords, social security number, or credit card number. Legitimate companies will never ask for this information via email.
  4. Account or payment problems: Phishing emails may also claim that there is a problem with your account or payment. For example, they may say that your account has been suspended or that you need to update your payment information.
  5. Suspicious links: Phishing emails often contain links that do not appear to match legitimate resources for the organization that is contacting you. For example, a phishing email from PayPal might contain a link to “paypal.com.ru” instead of “paypal.com.”
  6. Fake orders or invoices: Phishing emails may also contain fake orders or invoices. These are often designed to trick you into paying for goods or services that you never ordered.

If you receive an email that you think might be a phishing scam, do not click on any links or open any attachments. Instead, contact the company directly using a phone number or website that you know is legitimate. More tips on how to spot email phishing scams follow below.

Additional Tips

Here are some additional tips to help you protect yourself from phishing attacks:

  • Be wary of emails from unknown senders.
  • Don’t open attachments from unknown senders.
  • Hover over links before clicking on them to see the actual URL.
  • Keep your software up to date, including your email program and operating system.
  • Use a strong password for your email account and other online accounts.
  • Consider using a password manager to help you create and manage strong passwords.

By being aware of the red flags of phishing scams and taking steps to protect yourself, you can help keep your personal and financial information safe.


Stay Safe from Phishing with These Simple Tips

Recognize / Resist / Delete

1. Recognize

  • Urgent or emotionally appealing language: Phishing emails often use language that creates a sense of urgency or fear, such as “Your account is at risk!” or “Click here to claim your prize!”
  • Requests for personal or financial information: Legitimate companies will never ask for your personal or financial information via email. If you receive an email asking for this type of information, it’s a phishing scam.
  • Untrusted shortened URLs: Phishing emails often use shortened URLs to hide their malicious destination. If you see a shortened URL in an email, hover over it to see the full URL before clicking. If the URL doesn’t look like it belongs to the company it’s supposed to be from, don’t click on it.
  • Incorrect email addresses or links: Phishing emails often use email addresses or links that look similar to the real thing, but are slightly off. For example, you might receive an email from “amazon.com” but the link actually goes to “amazan.com.” If something looks wrong with the email address or link, don’t click on it.
  • Poor grammar or misspellings: Phishing emails often have poor grammar and misspellings. However, some phishing emails now use AI to generate perfect grammar and spellings. So, it’s important to look for the other signs of phishing emails as well.

2. Resist

If you suspect that an email is a phishing scam, resist the temptation to click on any links or attachments. Instead, report the phish to protect yourself and others. Most email providers have a “report spam” button that you can use to report phishing emails. You can also report phishing emails to CISA at https://www.cisa.gov/report.

3. Delete

Once you’ve reported the phishing email, delete it. Don’t reply to the email or click on any links or attachments, even if they look like they’re from a legitimate company.

By following these three simple tips, you can stay safe from phishing scams and protect your personal information.


Activate Your Human Sensors to Help Spot Phishing Emails

Despite advances in security and technical defenses, phishing attacks continue to succeed because they exploit human vulnerabilities. Attackers send emails and social media posts that trick people into providing credentials or clicking on links from untrusted sources.

While it’s generally safe to open emails and messages, be suspicious of any communication that:

  • Creates a sense of urgency, demanding “immediate action” before something bad happens.
  • Pressures you to bypass or ignore company policies or procedures.
  • Plays on your curiosity or promises something too good to be true.
  • Uses a generic salutation, such as “Dear Customer.”
  • Requests highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know.
  • Claims to be from an official organization but has poor grammar or spelling or uses a personal email address like @gmail.com.
  • Comes from an official email address (such as your boss's) but has a Reply-To address going to someone’s personal email account.
  • Is from someone you know, but the tone or wording just doesn’t sound like them.

If you’re suspicious of a message, call the sender to verify they sent it. It’s easy for a cyber attacker to create a message that appears to be from a friend or coworker.

Additional Tips

Here are some additional tips for avoiding phishing attacks:

  • Never click on links in emails or messages from unknown senders.
  • If you’re unsure about a link, hover over it with your mouse to see the actual URL. If the URL doesn’t match the sender’s email address or the company website it claims to be from, don’t click on it.
  • Be wary of attachments, even if they’re from people you know. If you’re not expecting an attachment, don’t open it.
  • Keep your software up to date, including your operating system, web browser, and email client. Software updates often include security patches that can help protect you from phishing attacks.
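
The link and Reply-To checks from the tips above can be automated for mail triage. The following Python sketch is an added example, not part of the original post: it flags a Reply-To domain that differs from the sender's and links whose host is not the expected company domain. The function names, the `brand` parameter, the 0.8 similarity threshold, and the sample message are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not real mail), built from the post's own examples.
SAMPLE = """From: PayPal Support <service@paypal.com>
Reply-To: helpdesk.pp@gmail.com
Subject: Your account is at risk!
Content-Type: text/html

<p>Dear Customer, <a href="https://paypal.com.ru/login">verify now</a>
or visit <a href="https://www.paypal.com/help">our help page</a>.</p>
"""

def domain_of(header):
    """Domain part of an address header; empty string if the header is absent."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def belongs_to(host, brand):
    """True only if host is the brand domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

class LinkCollector(HTMLParser):
    """Collects the hostname of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlsplit(href).hostname or "")

def red_flags(raw_email, brand):
    msg = message_from_string(raw_email)
    flags = []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply and reply != sender:
        flags.append(f"reply-to domain {reply} differs from sender {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes a single-part HTML body
    for host in collector.hosts:
        tail = ".".join(host.split(".")[-2:])  # naive; no public suffix list
        if belongs_to(host, brand):
            continue
        if brand in host:
            flags.append(f"{host} embeds {brand} but is a different domain")
        elif SequenceMatcher(None, tail, brand).ratio() >= 0.8:
            flags.append(f"{host} is a near-miss spelling of {brand}")
    return flags
```

Calling `red_flags(SAMPLE, "paypal.com")` reports the Gmail Reply-To and the `paypal.com.ru` link while leaving the genuine `www.paypal.com` link alone.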

Check out our previous blog post on Phishing: How to Avoid Getting Caught!
