Detecting phishing

You can protect yourself against phishing by carefully reading every message that hits your inbox.

A message is likely to be phishing if it shows any of the following signs.

  • It is asking you to update or fill in personal information. Always remember that a reputable business does not ask for personal information via email.
  • The "From" address imitates a legitimate address, especially from a business. A favorite phishing tactic among cybercriminals is to spoof the display name of an email.
  • It contains mismatching URLs. The URL shown in the email and the URL that displays when you hover over the link are different from one another.
  • It begins with a vague statement like "Dear account holder". Reputable companies will have your name in the salutation, as opposed to "valued customer" or "to whom it may concern".
  • It is badly written and contains typos, misspellings, or unnecessary capitalizations. Legitimate messages usually do not have major spelling mistakes or poor grammar.
  • It contains attachments from unknown sources that you were not expecting. Attaching files that carry malware is a common phishing tactic.
  • It sounds urgent or threatening. Invoking a sense of urgency or fear is a common phishing tactic. Beware of messages trying to scare you into acting without thinking.

Here are a few more useful tips on how to spot a phishing email and what to do if you have taken action on one:

Check out the security tips in our article about protecting yourself from phishing.