Phishing emails are emails sent by a malicious source that is trying to trick you into providing private information. They can look like emails from your banking institution, school, insurance company, you name it. The question is: how can you tell whether an email is from the legitimate sender or is a malicious phishing email made to look like it came from a legitimate sender? Here are some tips on what to look for to help identify a phishing email.
- Check the signature of the email. Legitimate businesses will have a person's name and/or contact information. If the signature is lacking or nonexistent, be cautious.
- Check spelling. Phishing emails can be created very quickly. Also, spammers are well known to lack spelling and grammar skills. If a legitimate email is being sent by a business, they will not misspell their own products. Also watch capitalization.
- If the email has nonsense, it is nonsense. Sometimes spammers will try and throw off mail filtering appliances by adding random words, sentences, and sometimes will even add passages from popular literature.
- IS THE EMAIL SHOUTING OR REALLY REALLY EXCITING !!!!!!!!!!!????? Legitimate businesses will not "shout" or "yell" or appear to be jumping up and down. Emails that are written as if trying to really grab your attention or scare you are not going to be legitimate business emails.
- Who's the email from? Always check the "MAIL FROM" address as well as the "Reply-to". Phishing emails may claim to be from the domain of a legitimate business you work with; however, you may see that the actual address used is a random email address. Check the spelling of the domain. Sometimes spammers will use a domain like paypall.com instead of paypal.com. At a quick glance it may look like a legitimate domain, but looking closer you can see it is not spelled correctly.
- No reputable service will ask you in an email to enter sensitive personal information. If you receive an email requesting personal information, do not respond via email or follow links. Instead, try calling the listed phone number for the actual business you work with and speak to someone directly.
- Do not click on links. Do not open files. Never follow links or open files from senders you do not know. Phishing emails typically will try to get you to follow a link or download a file. If you're hesitant about the sender, err on the side of caution. Do not open.
- Just because it has a logo does not mean it's legitimate. Phishing emails will try to replicate an official email from the business they are claiming to be from. They will import images and logos to match a company to try and trick you into believing it.
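
The sender check from the list above (compare the From and Reply-To addresses, and look for near-miss spellings such as paypall.com), as an added Python example that is not part of the original article. It reads the From header shown in the message; the trusted-domain list, the two-edit threshold and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains you actually do business with.
TRUSTED_DOMAINS = {"paypal.com"}

# Constructed sample message, not taken from a real campaign.
SAMPLE = (
    "From: PayPal Support <service@paypall.com>\n"
    "Reply-To: collect@mail.example\n"
    "Subject: Your account is limited\n"
    "\n"
    "Please confirm your details.\n"
)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message):
    """Return a list of warnings about the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    warnings = []
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for dom in sorted({from_dom, reply_dom} - {""}):
        for trusted in TRUSTED_DOMAINS:
            # Close to a trusted domain but not identical: likely a lookalike.
            if dom != trusted and edit_distance(dom, trusted) <= 2:
                warnings.append(f"{dom} looks like {trusted} but is not")
    return warnings

if __name__ == "__main__":
    for warning in check_sender(SAMPLE):
        print("WARNING:", warning)
```

An empty result only means these two checks found nothing; the other tips in the list still apply.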
Following these few steps should help you quickly identify whether an email is legitimate or not. If you are still concerned and unsure, contact the helpdesk. Also, most businesses will have an abuse email address you can forward your message to. This will help the business review what is potentially being phished and act accordingly. They would also be able to tell you if it is legitimate.
Please remember, NEVER FOLLOW LINKS, DOWNLOAD OR OPEN ATTACHMENTS from an email you find suspicious.