Recognizing a Phishing Email

  • Check for personalization.
    Phisher emails are typically not personalized, while valid messages from your bank or e-commerce company generally are.
  • Look for urgency.
    If the message urges you to take an action right away or suggests dire consequences if you don’t, it’s probably a phishing attempt.
  • Examine images and company logos carefully.
    The more sophisticated phishing emails will often contain logos or images that have been stolen from the website of the legitimate company or faked to look like the real thing. Or the email itself may look like a website.
  • Verify a company’s contact information.
    A URL or link in a phishing email may contain a familiar company’s name and appear to be legitimate. Hover over a link to view the whole URL and verify it is going to where it says it is going. You can also make sure you are contacting that company by going to its website another way (e.g., by typing its legitimate address in your browser or selecting it from your browser’s bookmarks). If you don’t know the address, use a search engine to find the company’s website.

    • If you are on a mobile device or tablet, be sure you know how to “hover” over a link to see the actual address of that website. (Generally, this is done by clicking and holding the link and the actual URL will appear.)
  • Check the “From:” field in a suspicious email.
    The information in the “From” field of an email can be falsified. (We’re not going to tell you how, but it can be done in seconds). Look carefully and compare the real one with the one in the email. If there are any differences, be wary.
  • Pay attention to spelling and grammar.
    Misspelling and poor syntax are typical of many, but not all, phishing emails. Some appear to have been crudely translated from a foreign language. In addition, phishers often use intentional misspellings or substitutions of symbols for certain letters of the alphabet in an attempt to avoid spam filters.
  • Beware of pop-up forms.
    If a pop-up box appears in an email and asks you to enter information, it is likely to be a phishing attempt. Pop-up boxes are not a secure means to transmit information.
  • Be cautious about attachments.
    A phishing email may also include an attachment that could contain spyware or some other electronic threat. Never open an attachment, even from someone you know, unless you’ve verified that it’s safe.

Go to the Phishing main page.