Ever get one of those emails that just doesn’t seem quite right? Maybe the sender’s address is off, or the message is poorly written. Chances are, it’s a phishing email trying to scam you. Phishing emails are designed to trick you into clicking malicious links, downloading viruses, or sharing sensitive information like passwords. While phishing scams have become incredibly common and sophisticated, the good news is that once you know the signs to spot phishing emails, you can easily avoid becoming a victim. This guide shows how to analyze emails with a critical eye so that you can detect phishing attempts before clicking the links. By the end, you’ll be an expert at spotting phishing emails and keeping your accounts and information safe.
What Is Phishing?
Phishing emails are fraudulent messages designed to trick you into providing sensitive information or downloading malware. Phishers send emails posing as a legitimate company to steal usernames, passwords, or account numbers, or simply to get you to download malware to your computer.
These malicious emails are increasing in number by the day and are getting so sophisticated and realistic that it is difficult to distinguish legitimate messages from fraudulent ones.
Common Tactics Used in Phishing Emails
The following are some of the tactics that scammers use to try and trick you into clicking links or downloading attachments:
Urgency and Fear
These phishing emails often use scenarios that create urgency or strike fear into you. For example, they may claim that your bank account has been hacked and all your money is currently being transferred out. The email then tells you to click a link to verify yourself and stop the transfer.
Imitating Trusted Brands
Scammers are skilled at spoofing the names and logos of well-known companies to appear authentic. They will often use the same design and logo as the trusted brands to send you emails. If you are not careful, you can be conned easily.
Disguised as Someone You Know
Scammers can hack into contact lists and email accounts to send messages that appear to come from friends or family. This one is easier to detect, as the message is often off and may make unusual requests, such as transferring money or giving password access to your bank account.
Too Good to Be True
Messages promising free money, gift cards or extravagant prizes are typical of a phishing email.
Attachments and Links
This is probably the most dangerous tactic and the hardest to defend against, as some attachments can run by themselves when you open the email. These attachments often contain malware, such as viruses, that infects your device or steals your data.
Protecting Yourself From Phishing Scams
Take these measures to protect yourself from phishing scams:
Suspicious Senders
Check the sender’s email address to make sure it matches the company or person it claims to be from. Phishers often spoof real company names or use addresses that look similar. If the email is from someone you don’t know or recognize, ignore or delete the email.
Alarming Language
Messages that convey a sense of urgency or demand immediate action are likely phishing attempts. Watch out for language like “must act now” or “account will be terminated.”
Requests for Personal Information
Never provide sensitive data, like passwords, social security numbers, or credit card numbers, via email. Legitimate companies won’t ask for confidential information in an email.
Links and Attachments
Be wary of unsolicited links, downloads, and attachments in emails. They could contain malware, viruses, or ransomware. Even if the message seems legitimate, it’s best to not click on any links or download any unsolicited files via email.
Spelling/Grammar Errors
Phishing emails often contain poor spelling, grammar, and punctuation. While this isn’t always a sign of a scam, it can be an indicator that the sender may not be who they claim to be. Legitimate companies usually have professional content creators crafting their messages.
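The sender, wording and link checks described in this section can also be applied mechanically to a raw message. The following Python code is an added example, not part of the original article; the brand-to-domain map, the sample message and the sign names it returns are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_BRANDS = {"example bank": "examplebank.example"}  # constructed map (assumption)
URGENT = ("must act now", "account will be terminated")  # phrases the article quotes
SAMPLE = "\n".join([  # constructed phishing message
    'From: "Example Bank Security" <alerts@examplebank-secure.example>',
    "Subject: Your account will be terminated",
    "",
    '<a href="http://collect.example/v">www.examplebank.example</a> You must act now',
])

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data  # reset at every <a>, so only anchor text is recorded
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip().lower()))
            self.href = None

def belongs_to(value, expected):  # address or host is `expected` or a subdomain of it
    host = value.rsplit("@", 1)[-1].lower()
    return host == expected or host.endswith("." + expected)

def phishing_signs(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # assumption: single-part text or HTML message
    signs = []
    if any(b in name.lower() and not belongs_to(addr, d) for b, d in KNOWN_BRANDS.items()):
        signs.append("sender-domain-mismatch")  # display name claims a brand, address does not
    if any(p in (msg.get("Subject", "") + " " + body).lower() for p in URGENT):
        signs.append("alarming-language")
    parser = Links()
    parser.feed(body)
    for href, text in parser.found:
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text)
        host = urlparse(href).hostname or ""
        if shown and not belongs_to(host, re.sub(r"^www\.", "", shown.group(0))):
            signs.append("link-text-mismatch")  # visible domain differs from the real target
    return signs
```

A message that trips none of these checks is not proven safe; the checks only surface the warning signs listed above.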
What to Do If You Get a Phishing Email
If you get a phishing email, don’t reply, click any links or download any attachments! Instead, take these actions:
Report It
Forward the phishing email to spam@uce.gov and, if it arrived at your business email, to your company’s security team. Reporting the phishing attempt helps authorities track malicious groups and block future phishing campaigns.
Delete It
Delete the phishing email immediately. Don’t even open it, as some phishing emails contain malware attachments that activate just by previewing the message. Delete the email from your inbox, your trash, and any other folders.
Be Wary of Follow-Ups
If you have unknowingly replied to the phishing email, ignore and delete the follow-up emails. Phishers will sometimes send another message shortly after the first one, claiming that you need to “verify” or “update” your information. Delete any follow-ups immediately without responding further.
Change Passwords and Enhance Security
If you entered any login credentials or financial information in the phishing email, change those passwords immediately. Phishers use stolen login info and credit card numbers to access accounts or open fraudulent ones.
For important accounts like banking and social media, enable two-factor authentication. This adds an extra layer of security for your logins. Even if your password is stolen, phishers will not be able to access your accounts without the additional authentication.
Use Antivirus
Most antivirus software is capable of detecting malware in your email attachments. That is why you should have antivirus software constantly scanning your email inbox. For Windows users, we found that the free Windows Defender is good enough for most people.
Now that you know the warning signs, you will be better protected against these phishing emails.