Recognizing a Phishing Email

Check for personalization.

  • Phisher emails may be personalized.
  • Valid messages from your bank or e-commerce company generally are.

Look for urgency.

If the message urges you to take an action right away or suggests dire consequences if you don’t, it’s probably a phishing attempt.

Examine images and company logos carefully.

  • The more sophisticated phishing emails will often contain logos or images that have been stolen from the website of the legitimate company or faked to look like the real thing.
  • Or the email itself may look like a website.

Verify a company’s contact information.

  • A URL or link in a phishing email may contain a familiar company’s name and appear to be legitimate.
  • “Hover” over a link (without clicking) to view the entire URL and see the actual address of the destination website.
    NOTE: If you are on a mobile device or tablet, be sure you know how to “hover” over a link.
    Generally, this is done by hovering over and then holding the link (but do NOT click), and the actual URL will appear.
  • Contact a company by going to its website another way. For example:
    • Type its legitimate address in your browser address window.
    • Select it from your browser’s bookmarks.
    • Use a search engine to find the company’s website.

Check the “From:” field.

  • The information in the “From” field of an email can be falsified.
    (We’re not going to tell you how, but it can be done in seconds).
  • Look carefully and compare the real one with the one in the email.
  • If there are any differences, be wary.

Pay attention to spelling and grammar.

  • Misspelling and poor syntax are typical of many, but not all, phishing emails.
  • Many appear to have been crudely translated from a foreign language.
  • Phishers often use intentional misspellings or substitutions of symbols for certain letters of the alphabet in an attempt to avoid spam filters.

Beware of pop-up forms.

  • If a pop-up box appears in an email and asks you to enter information, it is likely to be a phishing attempt.
  • Pop-up boxes are not a secure means to transmit information.

Be cautious about attachments.

  • A phishing email may also include an attachment that could contain malware or some other electronic threat.
  • Never open an attachment, even from someone you know, unless you’ve verified that it’s safe.

Go to the Phishing main page.