Recognizing a Phishing Email
- Check for personalization.
Phisher emails are typically not personalized, while valid messages from your bank or e-commerce company generally are.
- Look for urgency.
If the message urges you to take an action right away or suggests dire consequences if you don't, it's probably a phishing attempt.
- Examine images and company logos carefully.
The more sophisticated phishing emails will often contain logos or images that have been stolen from the Web site of the legitimate company or faked to look like the real thing. Or the email itself may look like a Web site.
- Verify a company's contact information.
A URL or link in a phishing email may contain a familiar company's name and appear to be legitimate. To make sure you are contacting that company, use the telephone or go to its Web site another way (e.g., by typing its legitimate address in your browser or selecting it from your browser's bookmarks). If you don't know the address, use a search engine to find the company's Web site.
- Check the "From:" field in a suspicious email.
The information in the "From" field of an email can be falsified. (We're not going to tell you how, but it can be done in seconds). Look carefully and compare the real one with the one in the email. If there are any differences, be wary.
- Pay attention to spelling and grammar.
Misspelling and poor syntax are typical of many phishing emails. Some appear to have been crudely translated from a foreign language. In addition, phishers often use intentional misspellings or substitutions of symbols for certain letters of the alphabet in an attempt to avoid spam filters.
- Beware of pop-up forms.
If a pop-up box appears in an email and asks you to enter information, it is likely to be a phishing attempt. Pop-up boxes are not a secure means to transmit information.
- Be cautious about attachments.
A phishing email may also include an attachment that could contain spyware or some other electronic threat. Never open an attachment, even from someone you know, unless you've verified that it's safe.
Go to the Phishing main page.