How To Recognize Phishing Emails

An example of a phishing email. Note several key details highlighted in red that give away this is a fake email.

Phishing is a way to acquire sensitive information without the user knowing. A website will pretend to be another website, such as a banking website. The website will then ask for login information, and trick the user into handing over their bank account or other sensitive information. Most of the time phishing websites are distributed through emails, so here I will tell you how to tell a real email from a phishing attempt.

Number 1: Examine the Message Grammar

Look for any obvious spelling or grammatical mistakes. Often these emails are generated automatically, and a computer can’t think intelligently as a human can. Also look for any “odd” English, such as unusual words or verbiage. Most of the time real company emails are very finely edited and do not contain many mistakes in the message body. Check for any mention of your name or username. Many times a phishing email will not use your name; instead it will use a general term such as Sir or Madam.

Number 2: Read What The Email Tells You To Do

Look for any odd or unusual instructions. One phishing email I have seen tells the user to enable ActiveX for scripts to perform data transfers. Think about this. Why would you have to let a script have access to do data transfers? Sure, this could be legit, but most of the time a company email does not tell you to enable ActiveX. Look for any attachments to the email. Why would there be an attachment when the company could just refer you to their website? If the attachment has a funny file extension, such as Attachment.pdf.htm, red flags should be going up.

Number 3: Look At The Message Header

Finally, look at the message header. The sender’s address should say something like “person@companyname.com”. If it does not, it is probably a fake email. Also, check the “To:” address. Many times if it is a phishing email, it will be blank, as the person who sent it does not know your name.
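The three checks above can also be run mechanically over a saved message. This is an added example, not part of the original article: the function name, the flag names, the two word lists and the sample message are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample, not a real email; companyname.com is the article's placeholder.
SAMPLE = """\
From: "Company Support" <support@companyname.com.example.net>
To:
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Sir or Madam, please enable ActiveX and open the attached file.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Attachment.pdf.htm"

<html></html>
--b1--
"""

GENERIC_GREETINGS = ("sir or madam", "dear sir", "dear madam")  # assumed list
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}  # assumed list

def phishing_flags(raw, expected_domain):
    """Return the article's warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = set()
    # Number 3: sender must be at the real company's domain or a subdomain.
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        flags.add("sender-domain")
    # Number 3: a blank or missing To: header.
    if not any(addr for _, addr in getaddresses(msg.get_all("To", []))):
        flags.add("blank-to")
    for part in msg.walk():
        name = part.get_filename()
        if name:  # Number 2: a document extension hidden before the real one
            pieces = name.lower().split(".")
            if len(pieces) >= 3 and pieces[-2] in DOCUMENT_EXTS:
                flags.add("double-extension")
        elif part.get_content_type() == "text/plain":
            body = part.get_payload().lower()  # Number 1 and Number 2 wording
            if any(g in body for g in GENERIC_GREETINGS):
                flags.add("generic-greeting")
            if "activex" in body:
                flags.add("activex-instruction")
    return flags
```

A From: address that passes this check can still be forged, so an empty result means no finding, not proof that the message is real.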

What to Do if You have a Phishing Email

Delete it immediately. Do not click on any attachments or website links, as these can contain harmful malware. Send a copy of the email along with the sender’s email address to the support team at the real company. Let them know that phishing emails about their company are going around. Add the phishing domain to your email block list. Also warn your family and neighbors; they could get a phishing email too.

Remember, if you are in doubt about whether an email is fake or not you can always go to the website directly (do not click any links in the email).

Thanks for reading my article, I hope this at least prevented one phishing email from doing damage!
