
Stay Phish Proof: Best Practices for Spotting Phishing Emails

With emails being such a common tool for communication, both in the business world and on a personal level, phishing emails are becoming more common as well.

Check out this short video (less than 10 minutes) for some of the quickest ways to spot a phishing email, and what to do if you receive one.

Below the video, you can find more information on phishing emails.

Don’t get phished!

What is a phishing email?

In order to understand how to spot phishing emails, it’s important to first understand exactly what they are. Phishing is a type of online scam where hackers attempt to trick the recipient into thinking the email is coming from a trusted source. With hackers becoming more skilled with their impersonation techniques, it can sometimes be difficult to know what’s real versus what’s fake.

Phishing emails typically appear to come from someone you know or a company you regularly deal with. It could look as if it’s coming from a co-worker, your bank, or even a store that you regularly shop at. In reality, there’s a hacker on the other end of that email hoping that you hand over sensitive information.

Attachments, links, and files – oh my!

There are a couple of different methods that cybercriminals use within phishing emails to try to obtain any sort of valuable information.

Oftentimes, hackers will attach a malicious file to the email and ask you to download it. Once downloaded, any malware that was embedded in the file can infect your computer. Simply put, if you’re unsure about an attachment in an email, it’s always best to err on the side of caution before clicking or downloading.

Another common way hackers can include malware is through external website links. The email may direct you to follow a link that leads to an infected site, which then in turn infects your computer. Sometimes, these links will also ask you for secure information, such as your password or banking credentials.

Occasionally, phishing emails will not include an attachment or a link, but rather just out-right ask for your personal or secure information within the email itself. While you’re not downloading anything or following a malicious link, interacting with the email at all could potentially still put you at risk.

Know what to look for.

So, now that you know what it is and how it operates, what are some of the common telltale signs of a phishing email?

1. Check the “from” line.

Ask yourself these questions:

  • Am I expecting an email from this sender?
  • Does this look like someone who should be emailing me?

You should also look at the domain of the sender. Make sure that it’s a legitimate domain for who they claim to be, and that it doesn’t have any misspellings. Oftentimes hackers will either register a domain very similar to that of whomever they’re attempting to impersonate, or they will make a few typos that are easy to spot.

2. Look at the subject line.

You can again ask yourself the same questions as above. Does this sound like something you should be receiving? If not, you immediately have a red flag before even opening the email. Grammatical errors and misspellings are also pretty common in the subject line of a phishing attempt, so it’s important to read carefully.

3. Move to the body of the email.

So you’ve checked out the sender, you’ve analyzed the subject line, and it all looks fine. Where do you go from there?

Next, complete a scan of the body of the email. A huge indicator of a phishing email within the message itself is, again, grammatical errors and misspellings. Also, pushing urgency and asking for any sort of confidential information should immediately put you on alert. In most cases, these cybercriminals are hastily creating these emails and trying to catch anyone who may slip, so you can often find their mistakes if you look closely enough.

Be extremely mindful of any links embedded within the body of the email. As mentioned above, hackers will often send you to a malicious website that can in turn infect your computer. Before clicking, you should always hover over a link to be able to see the entirety of where it will be taking you. The link may appear as if it’s taking you to something you need and/or would be interested in, but in reality could be routing you to an entirely different site.
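The three checks above (sender domain, urgency wording, and where a link really goes) can be expressed as a small script. The following is an added example, not code from the original post: it runs those checks over one constructed sample email. The list of known sender domains, the urgency phrases, and the sample message itself are all assumptions made for illustration, and the lookalike check simply compares the sender domain against the known list with a similarity ratio.

```python
"""Added example (not from the original post): a small phishing-indicator checker.

It applies the three checks the post describes to a constructed sample email:
  1. "from" line: is the sender domain one we know, or a lookalike of one?
  2. subject/body: urgency wording and requests for credentials
  3. links: does the visible link text name a different host than the href?
All domains, phrases and the sample message below are assumptions for illustration.
"""
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.message import Message
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Assumed list of domains this mailbox legitimately receives mail from.
KNOWN_DOMAINS = {"example-bank.com", "netflix.com", "ourcompany.com"}

# Assumed urgency / credential-request phrases (illustrative, not exhaustive).
URGENCY_PHRASES = (
    "immediately",
    "within 24 hours",
    "account will be suspended",
    "verify your password",
    "confirm your banking",
)


def sender_domain(msg: Message) -> str:
    """Return the domain part of the From: header, lowercased."""
    match = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return match.group(1).lower() if match else ""


def lookalike_of(domain: str, known=KNOWN_DOMAINS, threshold: float = 0.8) -> Optional[str]:
    """Return the known domain this one closely resembles (typo or lookalike), or None.
    An exact match is a known sender, not a lookalike."""
    if domain in known:
        return None
    best, best_ratio = None, 0.0
    for candidate in known:
        ratio = SequenceMatcher(None, domain, candidate).ratio()
        if ratio > best_ratio:
            best, best_ratio = candidate, ratio
    return best if best_ratio >= threshold else None


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _host(url: str) -> str:
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def mismatched_links(html: str) -> List[Tuple[str, str]]:
    """Return links whose visible text names a host other than the one the href goes to.
    This is the programmatic form of 'hover over the link before clicking'."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for text, href in parser.links:
        shown, actual = _host(text), _host(href)
        if "." in shown and shown != actual:  # only text that looks like a domain/URL
            flagged.append((text, href))
    return flagged


def assess(raw_email: str) -> dict:
    """Run all three checks over one raw (non-multipart, HTML) email and list findings."""
    msg = message_from_string(raw_email)
    domain = sender_domain(msg)
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    findings = []
    look = lookalike_of(domain)
    if domain not in KNOWN_DOMAINS:
        note = f" (looks like {look!r})" if look else ""
        findings.append(f"sender domain {domain!r} is not a known sender{note}")
    for phrase in URGENCY_PHRASES:
        if phrase in text:
            findings.append(f"urgency/credential wording: {phrase!r}")
    for shown, href in mismatched_links(body):
        findings.append(f"link text {shown!r} but href goes to {href!r}")
    return {"sender_domain": domain, "lookalike_of": look, "findings": findings}


# Constructed sample message; every value in it is made up for this example.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@example-bnak.com>
To: you@ourcompany.com
Subject: Action required: verify your password immediately
Content-Type: text/html

<html><body>
<p>Your account will be suspended within 24 hours unless you verify your password.</p>
<p>Sign in at <a href="http://example-bnak.com/login">www.example-bank.com/login</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in assess(SAMPLE_EMAIL)["findings"]:
        print("-", finding)
```

Run as a script, it lists one finding per indicator it spots in the sample: the transposed-letter sender domain, four urgency phrases, and the link whose text says one host while its href points at another. Tune `KNOWN_DOMAINS` and `URGENCY_PHRASES` to your own environment; the similarity threshold is deliberately loose, so treat a lookalike hit as a prompt to look closer, not as proof.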

What do I do with a phishing email?

If you think that you’ve received a phishing email, you should always report it. Especially if you’re using a company email address, reporting back to your team could help others to be on the lookout and prevent someone from accidentally falling victim.

If you’re using a personal email address, and you think you’ve received a phishing email from a company, there is usually an email address from the business that can be used to forward the malicious email so that the company is made aware. For example, if you receive a scam email from someone pretending to be Netflix, the actual Netflix company has a specific email address that you can forward the message to. That would then alert Netflix and allow them to address the situation promptly.

Stay vigilant!

Be sure to always double-check when opening and interacting with emails, especially when it’s from someone you may not be expecting an email from.

Take a very close look before clicking or downloading anything within the email. And, as always, if you think something looks suspicious, it’s better to be overly cautious than to accidentally infect your computer.