Phishing emails tend to be filtered into your spam folder automatically; however, every once in a while one might manage to slip through. This is why you should always be on the lookout for suspicious-looking emails. Because these scammers are trying to trick you into giving away information, or into downloading malware, they do their best to mask these phishing attempts.
Most types of phishing use some form of technical deception designed to make a link in an email appear to belong to the spoofed organization. Another common trick is to make the displayed text for a link suggest a reliable destination when the link actually goes to the phishers' site. Beyond these technical tricks, phishers also commonly use different types of psychological tricks. You should always think twice before trusting any emails that you don't find 100% trustworthy.
Scammers may dig up personal information about you on social media, company websites, or other public profiles in order to make their communications more personalized—and more challenging to detect.
The image below shows an example of an actual phishing email. We've pointed out suspicious details about it with the plus icons; click on them to see more details about each aspect.
[Image: labeled graphic component; its text content is listed below.]
A Generic Subject Line or Salutation
Hyperlinks or Attachments Hyperlinks
Emphasized urgency: Trying to make the message sound urgent, often by mentioning either failed payments or account deletions.
Grammar, Spelling, or Punctuation Errors: Official messages from companies don't have amateurish typos or punctuation mistakes.
Unfamiliar or Illegitimate Senders: If you are suspicious of the email, check the sender's email address. Is it legitimate? Does it match the standard address for the company that the email claims to represent? Also, if you've never heard of the company in the first place, and you get an email that looks like this, something fishy is definitely going on.
Is the email unsolicited? Receiving an email randomly from a person or company you don't know should raise red flags right away. These types of emails tend to automatically get listed as spam for a reason.
Does it ask for your personal or account information? Companies and official services practically never ask for extremely personal information through email.
Does the topic of the email sound urgent? Could it possibly be using fear tactics? If the email sounds urgent, and they are requesting you to fill in personal information (banking, credit, etc.), this should immediately raise some red flags. Any mention of an instant account deletion should also be treated with suspicion.
Does it offer you something for free? The oldest trick in the book. Getting something for free completely at random should raise your suspicions about the legitimacy of the email right away.
Does the email feel strange or does it not make sense? If the general layout or topic of the message seems strange to you, there is a good chance this is a scam of some sort.
If you notice any of the previously listed warning signs, you should report the email to officials, and then delete it right away. Don't click on the email's links or attachments. Better yet, don't even open the email if it feels "phishy" to you; just delete it right away. Now that you have a basic idea of how to spot these emails, the next lesson will test how well you can do so in practice.