How to Spot a Phishing Email from a Mile Away

Phishing is one of the most effective ways hackers obtain user information. The way a phishing attack works is the attacker will send an email to a massive amount of people that looks like it could be legitimate. The point is to get the user to hand over login credentials to any online account like your bank, your email, or your cloud storage. If the message looks legit enough, users will fall for it and willingly hand over their sensitive information to the bad guys.

There are definitely ways to protect yourself from phishing scams, but they require a little bit more effort and thought on your part. If you follow these steps though, you should be safe!

Step 1: Stop and Think

Most phishing emails will attempt to frighten or give you a sense of urgency. This is on purpose. They want your brain to go into a “flight or fight” mode, which turns off your reasonable thoughts. You are scared, and you feel like you need to take immediate action. You don’t think about it, you just act. Anytime you receive an email that makes you want to handle the problem right away, take a minute, take a few breaths, and then follow the rest of these steps.

Step 2: Check for Spelling & Grammar

There are a few tell-tale signs of a phishing email that will give it away. The first sign is spelling and grammar mistakes. English is a crazy mixed up language where we make rules and immediately break them. I before E… always, except after C… oh and when it is pronounced like an “a” like neighbor and weigh. There are many nuances in the English language that are hard to translate, and many attacks originate outside of the United States.¬† So, read the email out loud to really help you catch the grammatical¬†errors, and check the email for spelling mistakes. Most official emails will be the product of several eyes, which would spot these mistakes right away before it was sent. If one or two mistakes are present, it’s most likely a phishing scam.

Step 3: Check the Link

Did you know that you can hover your mouse over a link, even within a web browser, and it will tell you the URL you will be sent to when you click? This is a great little tool to sniff out phishing scams. Move your mouse over the link inside the email. Unless it shows something like britecity.com, where the business name is followed by a .com, then DO NOT CLICK. Even if it says something like britecity.domain.com. The most important part is what it says before the ending extension. So something like britecity.us might be ok as long as it doesn’t say britecity.domain.us. Any person can use any words as a “subdomain” to make it appear more legitimate. If you are even a little bit suspicious, don’t click the link inside the email at all. Directly navigate to the appropriate website by typing the URL in your address bar instead.

Step 4: Check the Return Address

Scammers can put anything they want as their name. Such as “PayPal Support”. If you look at the address of who the message actually came from though, you may see that it says from: PayPal Support <paypalsupport@yahoo.com>. I promise you, PayPal isn’t going through Yahoo for their email. There are ways of spoofing email addresses though, so even if it DOES say it comes from a paypal.com email address, but the other signs are there, don’t trust it.

Step 5: Confirm the Email

If you are still unsure, confirm the email with the sender. DO NOT REPLY TO THE EMAIL. If the sender is a friend of yours send them a separate email asking if they sent you the email or file. If the email is from a company, call the company or send an email directly to your contact at the company to verify the legitimacy of the email.

If all else fails, go with your gut (after you breathe a bit). If the email doesn’t FEEL legit, it probably isn’t.