How To Spot a Phishing Email

Cybercriminals are always trying new ways to obtain to gain your personal information.

One of the ways they do this is through email phishing. Learn more about phishing and how to protect yourself and your organization from threats. 

What is Phishing?

Phishing is when cybercriminals pose as an existing authority through emails, phone calls, or text messages. They lure people into providing sensitive information such as banking credentials, credit card numbers, social security numbers, social media profiles, and more.

 

5 Ways to Spot a Phishing Email

These are five common signs of a phishing attempt via email:

1. Incorrect Email Domains

 

An incorrect email domain is the biggest way to tell if an email is phished. 

 

If the email comes from a reputable source, the address will reflect that. Examples of this include @amazon.com, @spotify.com, or @venmo.com. 

If the sender claims to be Amazon, but the return email address is something like amazon1234@gmail.com, you’ll know it’s not real. 

 

The same principle applies to emails that appear to come personally from someone in your organization. So, for example, if the name is “Bob Smith” but the email address doesn’t follow your organization’s typical email structure (such as bsmith@organization.org) or looks something like hg149jsf@gmail.com, then you’ll know it’s fake. 

 

ALWAYS pay attention to the domain as your first step in stopping a phishing attempt!

2. Bad Grammar and Writing Style

Many phishers will send emails that appear to be from your bank or your Netflix account, but they are often written poorly or have many spelling and grammatical errors. 

 

Reputable companies will always send formal, professional, and written correspondence with high standards in mind. If you notice many errors in an email “from” your bank, it’s likely a phishing attempt. 

 

3. Unfamiliar Greetings or Odd Phrases

Many fake emails begin with “Dear Sir or Madam” or something similar. If the relationship is “from” someone you frequently interact with in your organization, they should know you personally and won’t start an email conversation with something impersonal. 

 

Additionally, think through the structure of the email received. If it’s “from” someone you know, but the cadence seems weird, or the request seems out of place, it’s likely fake. 

 

4. Suspicious Links or Attachments 

Be wary of clicking on links or opening attachments from an email, especially if it’s from someone who has never sent something to you or seems suspicious. 

 

Make it a habit always to check links before you click on them. You can do this by hovering over the link. For example, the link text may say “regions.com,” but when you hover over the text, the link may be “amz.12345.gohere.com” which takes you to a fake site.

 

5. Sense of Urgency Or Unexpected 

Several phishing attempts will use urgency to prey on you. For example, the email will state that you need to update your payment credentials or risk losing your account immediately. Some emails even look like they’re from people you know who are asking you to send money ASAP. 

 

Additionally, some scams try to catch you off guard. They’ll try an attempt such as “We tried to deliver a package to your home but ran into trouble. Please call us at XXX-XXX-XXXX to discuss this matter.” These phishers count on you calling the fake number to secure your information. 

 

Make sure you take a moment to stop and think about the legitimacy of this email BEFORE you take any action. When in doubt, call the person or business you got the email from to verify if the situation is real. 

 

What to Do If You Receive a Phished Email

If you know that you’ve received a fake email, be sure to follow these steps:

  • Do not click any links or attachments!
  • Report the email to your IT department. You can also report it as spam to your email service provider (Google, Outlook, etc.). 
  • Delete the email. 

 

What to Do If You Think You’ve Been Phished

Even the most vigilant people can sometimes fall prey to a phishing attack.

 

If you’ve been phished:

  • Takes notes of everything from when you received the email, clicked the link, entered your credentials, etc. 
  • Alert your IT department. They’ll need to act quickly to ensure viruses don’t spread, that others in your organization don’t fall for the scam, and that there’s been no data breach.
  • Change passwords of any account you shared your credentials with. 
  • Alert your bank, credit card company, etc., and let them know there could be fraud coming soon.
  • Alert the local authorities if you are a victim of identity theft or money loss. 

 

Phishing Protection Services by Aegis IT

At Aegis IT, we take cybersecurity seriously. We want to help your organization stay safe from dangerous phishing scams. 

 

That’s why we offer phishing protection services. We train your employees to protect themselves and your organization from phishing attempts. 

 

We also offer a wide range of cybersecurity and email security services. Call us today to discuss your IT security needs and how we can best serve your business.

 

Contact Us

Phone: 423-343-5160

Email: Support@ThinkAegis.com