Detecting phishing

Last updated

You can protect yourself against phishing by carefully reading every message that hits your inbox.

A message is phishy if it has the following things in it.

  • It is asking you to update or fill in personal information. Always remember that a reputable business does not ask for personal information via email.
  • The "From" address imitates a legitimate address, especially from a business. A favorite phishing tactic among cybercriminals is to spoof the display name of an email.
  • It contains mismatching URLs. The URL shown on the email and the URL that displays when you hover over the link are different from one another.
  • It begins with a vague statement like "Dear account holder". Reputable companies will have your name in the salutation, opposed to "valued customer" or "to whom it may concern".
  • It is badly written and contains typos, misspellings, unnecessary capitalizations. Legitimate messages usually do not have major spelling mistakes or poor grammar.
  • It contains attachments from unknown sources that you were not expecting. Including malicious attachments with malware is a common phishing tactic.
  • It sounds urgent or threatening. Invoking a sense of urgency or fear is a common phishing tactic. Beware of messages trying to scare you into acting without thinking.

Here are a few more useful tips on how to spot a phishing email and what to do if you have taken action on one:

Check out the security tips in our article about protecting from phishing.
Back to top
Has the article answered your question?

Awesome! Thanks for your feedback!

Please send us that question. We will be happy to help by email.

Send a message