Suppose you receive an email from what appears to be your bank, warning you that suspicious activity was noticed on your account. Concerned, you click the link and hastily, instinctively enter your login details, and a wave of relief washes over you. In reality, you have just handed your credentials to a thriving cybercriminal operation. Phishing emails are a huge source of danger, and recognizing them is the best way to stay safe from cybercrime.
Potentially unsafe sender address
One of the easiest giveaways is an unsafe or suspicious-looking sender address. Phishers often use email addresses that mimic those of trusted organizations, with only slight variations. A single missing or extra character in a domain name could be enough to trick the recipient. ‘support@bankofarnerica.com’ (with ‘rn’ standing in for ‘m’) could easily pass as the real ‘support@bankofamerica.com’, fooling the unwary.
The sender’s address is your best clue, if you look closely. Real firms never use a public email service such as Gmail, Yahoo! Mail, or Hotmail for official business. Instead, firms always use a custom domain that matches their corporate name. So, if your employer suddenly starts sending official correspondence to your personal email, that is a significant red flag, especially if your company’s legitimate emails have been coming from a different domain or if some of its emails land in your spam folder. Check the sender’s email address against previous communications and look for inconsistencies.
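The sender-address checks described above can be automated. The Python sketch below is an added example, not part of the original article or of any product it mentions; the trusted and free-mail lists, the look-alike table and the function names are assumptions made for illustration. It goes slightly beyond the article's single example by also catching one-character additions, omissions and digit swaps.

```python
from email.utils import parseaddr

# Constructed lists for illustration; a real deployment supplies its own.
TRUSTED_DOMAINS = {"bankofamerica.com", "paypal.com"}
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
# Character sequences that read like another letter at a glance (assumed table).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]


def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Classify the domain of a From: header value."""
    _, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    if not (local and at and domain):
        return "invalid"
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if domain in FREE_MAIL:
        return "free-mail"
    for good in sorted(TRUSTED_DOMAINS):
        # Same skeleton = visual imitation; distance 1 = one character off.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return "lookalike of " + good
    return "unknown"
```

A "trusted" result only means the domain string matches exactly; it says nothing about whether the header itself was forged.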
Fake or misleading web links
Phishing emails might include links that appear to take you to a legitimate web page, but in reality direct you to a clone, which is set up to try to steal your login credentials or other personal information. One important aspect of how to identify phishing emails is to examine the links they contain.
One way to spot fakes is to hover over a link without clicking on it. You should see the actual URL at the bottom of your browser, so it’s easy to compare the link text with the actual destination. If the URL doesn’t match or looks dodgy, just don’t click it. While the cursor is over the link, look for small alterations, such as the URL www.paypa1.com, which replaces the letter l with the number 1.
Errors in spelling, grammar, and formatting
Phishing emails often feature poor spelling and grammar. Genuine businesses work hard to communicate as clearly as possible, whereas cybercriminals tend to be a bit sloppy. Sentences that sound a bit odd or seem unnaturally awkward, or emails from seemingly respectable companies filled with spelling mistakes, can all be warning signs that you are being targeted by a phishing scam.
For instance, the email ‘Your account has a suspicious login. Pls click here to verify’ is almost certainly a fraud: any quality control process that a legitimate organization might have would catch and fix typing errors of this nature before it sent emails to customers.
Another clue is odd formatting, such as a mismatched font style or color. Again, emails from professionals come with consistent, logical formatting, while emails from phishers often do not. A phishing email might also employ forced urgency, like ‘Immediate action required’ in bold red text, which would be out of keeping with normal communication.
Potentially harmful attachments
A lot of phishing emails come with file attachments that look like genuine documents. Opening these attachments can cause malware to download and install itself on your computer. Files with extensions such as .exe, .zip and .scr are especially dangerous. However, even documents such as PDFs or Word files can be loaded with malicious code.
The real giveaway is context: did you expect this email and this attachment? If you didn’t, then back off. Don’t open the attachment unless you can verify independently that it’s what you’re expecting. An unsolicited invoice from someone you don’t know is a strong sign to back off.
Intimidating threats or deceptive urgency
Threats or a sense of urgency are major red flags of a phishing scheme. Emails might tell you that your account will be suspended in 24 hours if you don’t verify your login, or that a large penalty awaits you unless you update your billing information before the end of the business day. This pressure might cause you to act rashly and without thinking.
For instance: ‘Your account will be closed within 24 hours unless you verify your information right now!’ As a general rule, a legitimate organization gives you plenty of time to fix any problems with clear instructions on how to do so.
Forced urgency is a crucial clue to the scam and a pointer for how to identify fake emails. Don’t panic; check the email carefully. Double-check the information, or contact the alleged sender using contact information you know to be genuine, not the details in the email itself.
Requesting sensitive information
Any request for personal information is a big warning sign for phishing emails. Companies will never ask for passwords, Social Security numbers or credit card numbers through email. Email is not a secure medium for this type of exchange.
If you receive an email asking you to provide information that you would not normally share – say, a request to ‘confirm your account details’ or ‘update your payment information’ – assume that it is a phishing attempt and use a separate, trusted communication channel to verify it.
Non-specific greeting
Another red flag is the generic greeting often found in phishing emails. When companies you frequent send you email, it’s usually addressed to you by name. Phishers, on the other hand, use generic greetings such as ‘Dear Customer’, ‘Dear User’ or ‘Dear [Your Email Address]’.
An absence of personalization suggests that the sender does not have your real information, but is sending indiscriminately to a broad group of recipients. An email that doesn’t greet you by name should signal you to look more closely.
Stay safe from phishing with WOT
WOT’s Email Protection provides you with an extensive set of anti-phishing features to protect your email. This includes warnings about phishing attacks and unexpected URLs hidden in the body of an email, as well as additional real-time protection. The Smart Email Detection tool includes the most advanced phishing protection for you, using advanced algorithm models to detect a suspicious email or activity.
Furthermore, WOT keeps you updated on the latest phishing trends and techniques, so you’re always a step ahead of the bad guys. Using the WOT browser add-on gives you a strong proactive solution against phishing attacks in email.
Don’t wait—secure your email now
Fighting back against phishing is part technology and part human vigilance. Look for the indicators, stay aware of phishing signs, and never respond until you’re sure of what you are doing.
Be proactive and improve your email security with WOT’s Email Protection and other tools. Real-time phishing alerts can make a real difference. Protect your communications and your personal and financial data. Get it now.
FAQs
What should I do if I suspect an email is phishing?
If you have any doubts whatsoever that an email might be phishing, just don’t respond to it in any way. Do not click on any links. Do not open any attachments. Do not even reply to it. Instead, report it to your email provider and delete it from your account.
Can phishing emails really look like they are from my bank or company?
Yes, there are cleverly disguised phishing emails that can look as though they are from your bank or your company. Always validate that they are real on the official website of the company or by calling a phone number you know to be genuine.
How often should I update my security software?
Keep up to date with your security software so that you benefit from the latest protection against new threats. Set up automatic updates so you are protected against evolving cybersecurity threats.
Is it safe to reply to a suspicious email to verify its legitimacy?
No, never reply to any dodgy-looking email. Instead, check the contact details against a verified source, e.g. the official phone number or the company website. Don’t install software unless you trust the source and unless this kind of software is appropriate.
What are the risks of clicking on a phishing link?
The consequences of a click can include a virus on your computer, theft of your data, unauthorized access to your accounts, and exposure of your passwords and other financial details.