Spot the Signs of an Email Phishing Scam

Phishing is a type of cyber-attack involving a victim being contacted, often through email, by a person posing as a legitimate company or organization, with the intent to trick the victim into giving up personal or sensitive information. Often a phisher will attempt to obtain usernames, passwords, bank information and credit card details.

Email Red Flags to Look For

Phishing emails sometimes include links to websites that attempt to trick their victims into entering their username and password into a site impersonating a real website. Here are some ways to spot signs of phishing in your inbox.

  • Hyperlinks: If an email has a link asking you to click on it and you were not expecting this email or do not recognize the company, do not click the link without confirming that it’s legitimate. Looking for small spelling errors or name changes can help you determine whether the link is legitimate or not.
  • Offers that seem too good to be true: Common examples of phishing offers include statements such as, “You have won the lottery,” or “Click here to win an iPhone!” Unfortunately, if the offer seems too good to be true, then chances are it is.
  • Sense of Urgency: Often the sender will make the request feel urgent. This could be a limited time offer for a prize, a warning that your account has been compromised, or a warning that an important account will be suspended if you do not act immediately. If you are concerned about this, it’s safest to contact the company in question directly.
  • Unusual or Unrecognized Sender: It is a good practice to be wary of any emails you receive that are coming from a sender you don’t recognize. If it’s from a sender you do recognize but the content of the message seems suspicious, ask yourself, “would this person write this way?”, “would this person make this request?”, or “does this person usually contact me here?” If you are skeptical of the email and know the sender, it’s best to give the person a call to confirm if they did send the email. They may not know that their account has been compromised.
  • Attachments: If you were not expecting an attachment in an email, it’s best not to open the attachment. Attachments can often contain malware or viruses that harm your digital devices. If you know the sender personally, reach out to confirm that they did send the attachment. 

The infographic below has some additional tips for identifying a phishing email.