You can protect yourself against phishing by carefully reading every message that hits your inbox.
A message is phishy if it has the following things in it.
- It is asking you to update or fill in personal information. Always remember that a reputable business does not ask for personal information via email.
- The "From" address imitates a legitimate address, especially from a business. A favorite phishing tactic among cybercriminals is to spoof the display name of an email.
- It contains mismatching URLs. The URL shown on the email and the URL that displays when you hover over the link are different from one another.
- It begins with a vague statement like "Dear account holder". Reputable companies will have your name in the salutation, opposed to "valued customer" or "to whom it may concern".
- It is badly written and contains typos, misspellings, unnecessary capitalizations. Legitimate messages usually do not have major spelling mistakes or poor grammar.
- It contains attachments from unknown sources that you were not expecting. Including malicious attachments with malware is a common phishing tactic.
- It sounds urgent or threatening. Invoking a sense of urgency or fear is a common phishing tactic. Beware of messages trying to scare you into acting without thinking.
Here are a few more useful tips on how to spot a phishing email and what to do if you have taken action on one: