Keep personal information private
- Be suspicious of any email requesting your personal information (e.g., mobile phone number, other email addresses), especially if an offer sounds too good to be true./li>
- These items can be exploited, especially when combined with other information about you.
Check for personalization.
- Phisher emails may be personalized.
- Valid messages from your bank or e-commerce company generally are.
Look for urgency.
If the message urges you to take an action right away or suggests dire consequences if you don’t, it’s probably a phishing attempt.
Examine images and company logos carefully.
- The more sophisticated phishing emails will often contain logos or images that have been stolen from the website of the legitimate company or faked to look like the real thing.
- Or the email itself may look like a website.
Verify a company’s contact information.
- A URL or link in a phishing email may contain a familiar company’s name and appear to be legitimate.
- “Hover” over a link (without clicking) to view the entire URL and see the actual address of the destination website.
NOTE: If you are on a mobile device or tablet, be sure you know how to “hover” over a link.
Generally, this is done by hovering over and then holding the link (but do NOT click), and the actual URL will appear. - Contact a company by going to its website another way. For example:
- Type its legitimate address in your browser address window.
- Select it from your browser’s bookmarks.
- Use a search engine to find the company’s website.
Check the “From:” field.
- The information in the “From” field of an email can be falsified.
(We’re not going to tell you how, but it can be done in seconds). - Look carefully and compare the real one with the one in the email.
- If there are any differences, be wary.
Pay attention to spelling and grammar.
- Misspelling and poor syntax are typical of many, but not all, phishing emails.
- Many appear to have been crudely translated from a foreign language.
- Phishers often use intentional misspellings or substitutions of symbols for certain letters of the alphabet in an attempt to avoid spam filters.
Beware of pop-up forms.
- If a pop-up box appears in an email and asks you to enter information, it is likely to be a phishing attempt.
- Pop-up boxes are not a secure means to transmit information.
Be cautious about attachments.
- A phishing email may also include an attachment that could contain malware or some other electronic threat.
- Never open an attachment, even from someone you know, unless you’ve verified that it’s safe.
Go to the Phishing main page.