Spotting Phishing Attempts

"A hoax could be malicious, instructing users to delete a file necessary to the operating system by claiming it is a virus. It could also be a scam that convinces users to send money or personal information"

  • U.S. Department of Homeland Security

Phishing Attempts are Often Tricky to Spot

Phishing emails tend to get listed as spam automatically; however, every once in a while one might manage to slip through into your inbox. This is why you should always be on the lookout for suspicious-looking emails. Because these scammers are trying to trick you into giving away information or into downloading malware, they do their best to disguise these phishing attempts.

Most types of phishing use some form of technical deception designed to make a link in an email appear to belong to the spoofed organization. Another common trick is to make the displayed text for a link suggest a reliable destination when the link actually goes to the phishers' site. Beyond these technical tricks, scammers also commonly use psychological tricks. You should always think twice before trusting any email that you don't find 100% trustworthy.

Scammers may dig up personal information about you on social media, company websites, or other public profiles in order to make their communications more personalized—and more challenging to detect.

Look for These Red Flags

In the image below, you see an example of an actual phishing email. We've pointed out suspicious details about it with the plus icons; click on them to see more details about each aspect.

Image: Labeled Graphic component, whose text content is listed below

Mass Emails

  • Were you cc'd on a group email?
  • Do you know the other contacts in the group?
  • Is the group an unusual mix of people?

A Generic Subject Line or Salutation

  • Dear Valued Customer
  • Dear Member

Hyperlinks or Attachments

Hyperlinks

  • Links that don't match the destination
  • Links with misspellings
  • Links with little context or explanation

Attachments

  • Unexpected attachment
  • Attachments ending in .exe

Emphasized Urgency

The message tries to sound urgent, often by mentioning either failed payments or account deletions.

Grammar, Spelling, or Punctuation Errors

Official messages from companies don't have amateurish typos or punctuation mistakes.

Unfamiliar or Illegitimate Senders

If you are suspicious of the email, check the sender's email address. Is it legitimate? Does it match the standard address for the company that the email claims to represent? Also, if you've never heard of the company in the first place, and you get an email that looks like this, something fishy is definitely going on.
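
Some of the red flags above can be checked mechanically: link text that doesn't match the destination, attachments ending in .exe, and a generic salutation. The following is an added example, not part of the original lesson; the sample message, the `.test` host names and the helper names are constructed for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear valued customer", "dear member")  # examples from the list above

class LinkCollector(HTMLParser):  # collects [href, displayed text] for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"  # stop collecting text at </a>

def red_flags(msg):
    """Return the red flags found in a parsed message (a subset of the list above)."""
    flags = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".exe"):
            flags.append(f"attachment ends in .exe: {name}")
        if part.get_content_type() != "text/html":
            continue
        body = part.get_content()
        if any(g in body.lower() for g in GENERIC_GREETINGS):
            flags.append("generic salutation")
        collector = LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            real = (urlparse(href).hostname or "").lower()
            shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())  # host in link text
            if shown and real != shown[0] and not real.endswith("." + shown[0]):
                flags.append(f"link text shows {shown[0]} but goes to {real}")
    return flags

def sample():  # constructed message; the .test host names are placeholders
    m = EmailMessage()
    m.set_content('<p>Dear Valued Customer,</p>'
                  '<a href="http://login.phish.test/a">www.example-bank.test</a> '
                  '<a href="https://www.example-bank.test/h">help page</a>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    return m
```

Calling `red_flags(sample())` reports the salutation, the mismatched link and the attachment, while the second link, whose text shows no host name, is not flagged. A raw message can be parsed for the same check with `email.message_from_bytes(raw, policy=email.policy.default)`.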

Questions You Should Ask Yourself When Trying to Spot Phishing Emails

Is the email unsolicited? Receiving an email randomly from a person or company you don't know should raise red flags right away. These types of emails tend to automatically get listed as spam for a reason.

Does it ask for your personal or account information? Companies and official services practically never ask for extremely personal information through email.

Does the topic of the email sound urgent? Could it possibly be using fear tactics? If the email sounds urgent, and they are requesting you to fill in personal information (banking, credit, etc.), this should immediately raise some red flags. Any mention of an instant account deletion should also be treated with suspicion.

Does it offer you something for free? This is the oldest trick in the book. Getting something for free completely at random should raise your suspicions about the legitimacy of the email right away.

Does the email feel strange or does it not make sense? If the general layout or topic of the message seems strange to you, there is a good chance this is a scam of some sort.

If you notice any of the previously listed warning signs, you should report the email to officials, and then delete it right away. Don't click on the email's links or attachments. Better yet, don't even open the email if it feels "phishy" to you; just delete it right away. Now that you have a basic idea of how to spot these emails, the next lesson will test how well you can do so in practice.
