How to spot phishing emails?

Nowadays, email facilitates a significant amount of our daily communication, and we can find many aspects of our lives inseparable from our email inboxes. Every day we receive many emails from various senders – banks, shops, work, service providers, etc. It is no surprise then that when most people receive an email from an organization that they recognize and trust, they tend to open the message without giving it a second thought. That’s a mistake because such an email message might in fact be hazardous.
Since people use emails for communication so frequently and often share sensitive details, this form of communication has become a primary scammers’ target. One of the most common techniques used by online thieves is phishing.

What is phishing?

Phishing is a form of fraud when an attacker tries to trick people via email, text messages, phone calls, fake websites, or other forms of communication. Usually, attackers use phishing emails to distribute malicious links or attachments in order to access someone’s sensitive information – various account logins, credit card numbers, etc.
These scammers disguise themselves as major companies or other trustworthy entities that people are willing to provide with their personal information.

What is a phishing email?

A fraudulent email message that looks as if it was sent by a legitimate bank, government agency, or organization. Scammers send emails that look identical to those that trusted sources might send. Fraudsters impersonate legitimate entities and, via those phishing emails, ask people to provide their sensitive information, including passwords, phone numbers, bank account data, and more. By having these details, scammers can use them directly for hacking into various accounts, which they do mainly for financial gain.

How to recognize a phishing email?

Here are a few useful tricks to spot a phishing email:

1. Lots of grammar and spelling mistakes

Emails that legitimate companies send go through a series of editing steps before being sent, so look out for mistakes. Unfortunately, more and more phishing emails today are perfect copies of legitimate companies’ emails. Still, in many cases, spelling and grammar mistakes in the received email can be good indicators that the message might be a phishing attempt. Nonetheless, an ideal email without grammar and spelling errors does not mean it’s not, and you need to be very careful.

So if the received email contains visible spelling, grammar errors and asks for your sensitive personal information, it might be that you have received a phishing email.

2. Emails requesting login credentials, payment information, or sensitive details

Every phishing email has a specific purpose, and every ending has a request, for example:

* sign in to an account;
* add/update account information;
* check account activity;
* pay unpaid invoices;
* check attached invoices, etc.

Do keep in mind that most companies will not send you an email asking for various passwords, credit card information, or other sensitive information. You should not provide this information by clicking on a link to a fake website or providing it via email. If the URL of a hyperlink doesn’t seem correct or doesn’t match the email context, you should not click on it. You can verify the URL by hovering your mouse over embedded links (of course, without clicking) and ensure that the link begins with ‘https://.’

3. Suspicious attachments and URLs

You should always regard all internal emails with attachments or URLs suspiciously – especially if attachments have an unfamiliar extension or one commonly associated with malware (.zip, .exe, .scr, etc.).

So if you receive an email from a company that provides a link or has an attachment and asks you to share sensitive information, it might be a scam. Most companies will not ask for passwords, credit card information, or other sensitive data via email. If there is a provided URL, you should always treat such an email with caution. The URL should match what the message says it is. You can check the link by hovering the mouse over the link and ensure that the preview text that pops up matches the original organization’s website.

In fact, it is better not to open the link and, if you must, log in to your account from the company’s original website.

4. Legit companies have domain emails

If the email sender uses a Gmail, Outlook, or other public email address rather than a corporate email address, it is likely a scam. Most legitimate companies or other entities have and use the company name in all associated email addresses.
Thus, if you have received suspicious emails, check their email address by hovering your mouse over the ‘from’ address. Carefully examine the email address and be sure that no alterations (like different numbers or letters) have been made.
However, it is true that sometimes companies use unique or varied domains to send emails, besides, some smaller companies use third-party email providers.

5. Legit companies usually address you by your name

Phishing emails usually use generic salutations such as “Dear member,” “Dear customer,” and so on. This is why when there is no receiver’s name in an email, it may be a reason to suspect that you have received a mass-mailed phishing email.
If you engage with a legitimate company and share sensitive information with them, the email would definitely include your name and probably direct you to the company’s website where you can contact them.

If you don’t scrutinize closely emails that you receive in your inbox, you might not be able to spot the difference between a regular email and a phishing email. We hope the tips provided above will help you decide which emails are safe to open and which ones should be deleted immediately and their sender blocked. Moreover, you can always inform the relevant authorities about the malicious activity.

Since phishing scammers work hard to make phishing emails resemble emails sent by legitimate companies and other entities as closely as possible, you should be cautious and examine closely any suspicious email before opening it and clicking the links it contains.