How to Identify Phishing Emails
By: Anthony Prats
The best response to any suspicious email is to not click on anything, record who sent it and at what time, delete it, then contact us.
TIPS for identifying phishing emails.
- The displayed name is different than the sender’s email address
The display name could be something innocuous like MICROSOFT SUPPORT or BANK OF AMERICA, but when you look at the actual sender’s email address, it could be from <firstname.lastname@example.org>.
- The domain (after the @) does not appear to be a legitimate company
Usually a company will have a subdomain for notification accounts, like email@example.com. This is normal because only Wells Fargo could add onto their domain like that.
Again, if you pay close attention to the sender’s email address, you can discern a lot of information. Someone who is claiming to be your bank would not send from firstname.lastname@example.org or email@example.com. If you receive a suspicious email, make sure there are no spelling mistakes in the sender’s address.
Hovering your mouse over a sender will show a down arrow on the right to open the contact card.
When you click the downward arrow on the right, you can check the sender’s info.
- Spelling mistakes or strange wording in the subject or body
Most attempts at phishing are done by non-native speakers, so there can be some glaring grammar mistakes. Phishers also try to get around spam filters by adding spaces to frequently used spam keywords, like “F A X” in the subject line.
- You don’t know who sent it
In this example, we do not have a fax service set up to email us when faxes are sent. This is a big red flag, so right off the bat we know that this is an attempt to get us to click something.
- High importance
Phishing attempts will also use an “Important” flag to catch your eye. If your messages are filtered to show only important ones, the flag also helps the message get through.
- Links will take you somewhere else
If you HOVER OVER the links that are sent to you WITH YOUR MOUSE BEFORE YOU CLICK, you can see where they are trying to take you. You can see if they are trying to send you to an unfamiliar site or something completely unrelated to what the email is about. Sometimes the whole message is one big clickable link.
Example of hovering over a link