Cyber Security: How to Identify a Phishing Email

By now we are all familiar with the email scams claiming to be from wealthy foreign nobility, but phishing and other scamming tactics have moved past AOL to adapt to a new age of cybercrime awareness, and many scammers have evolved their practices and are highly adept at appearing legitimate. Common companies that scammers will impersonate through email are insurance companies, Amazon, streaming services like Netflix or Hulu, student loan companies, web-hosting services, banking institutions, and most recently because of the COVID-19 pandemic, the CDC. These scams are often complete with falsified login pages or forms that look identical to the real thing, but act to collect your data for nefarious purposes without your knowledge.

How can you tell if an official-looking email is phishing or trustworthy?

1. Phishing email bylines will almost always be urgent, and the email itself may contain a threat of consequence you don’t comply within a certain amount of time, such as terminating your service, fining you, or prohibiting you from accessing your account in the future. These emails are designed to make you panic so you’ll give them what they want. Remember a professional business that is depending on customers like you, should not threaten you.

2. It will likely be addressed to “customer,” “account user,” or “client.” Nowadays, most accounts like bank accounts, Amazon, and insurance, will be addressed to the name on the account, and not a generic title. Be aware, some more advanced phishing scams may have your name, but this is still a good thing to watch for, as this type of address almost always indicates a scam.. 

3. The email has far too many typos to go unnoticed by a professional company. If you read the entirety of the email, you will often find that it does not make complete sense. Large companies pay professionals to write their emails for them, and those emails will be carefully worded.

4. You have no reason to suspect any issues with the account in question. If you’re responsible about paying your bills and keeping your information up to date on important sites, you shouldn’t have reason to panic even if those sites send you an email.

5. The sender’s email address will not be legitimate. It is common for scam emails to be almost identical to the legitimate business they’re imitating, for example, “@paypall.com,” and “@ammazon.com,” but they will never be exact. It may be as simple as a typo, an extra number, or an additional word added to the company’s name, so read through the entire email address carefully. 

6. Any links in the email will not go to legitimate sites. To view the URL without clicking on it and exposing your computer to an unsecured site, hover your cursor over the link and look in the lower left-hand corner of your screen. If the URL does not match the URL of the supposed sender, do not click on it. 

What you cannot trust:

1. Links in emails from scammers. This cannot be stressed enough, if you do suspect an issue with any of your accounts, type in the official site’s URL, the company should let you know if there’s an issue with your account on the website itself after you login.

2. You cannot trust the appearance of the site linked to in a scam email: scammers have become experts at replicating website logins to steal your information.

3. You cannot trust the urgency of the email. Again, if you do suspect an issue with your account, contact the company directly from their official site, or give them a call.

What to do if you suspect phishing:

1. Verify the company’s email by checking another email from the company that you know to be legitimate.

2. If the email addresses don’t match, there are too many typos, or the formatting is wrong, mark the suspicious email. If you regularly receive emails from the legitimate company, your emailing platform may keep a record of those emails in the sender’s contact information, which is a quick way to verify the legitimacy of the sender.

3. Report it to the company. Most companies have a department for fraudulent activity. Go to the official site, and often at the bottom of the webpage, there will be an email address you can use to contact the company. You may be asked to forward the suspicious email to a designated department.

4. For important accounts, it may be beneficial to bookmark the login page on your secured computer’s browser so you can access it directly if you ever do suspect an issue with your account. 

To download our Phishing Email Identification infographic, click here. And for more protection from fraudulent activity, here are links to our Firewall and Antivirus blog post, and our Disaster Recovery Solutions video. Stay vigilant, and stay safe.