Phishing messages can look like they’re coming from a reliable source or website, but are actually malicious attacks designed to steal personal information and money. Learn to spot the telltale signs of phishing emails before you become a victim with this helpful guide.
Be suspicious of emails sent from unrecognized addresses, especially those from a source that looks like an official brand but with a very different address. Common signs of phishing include misspellings, odd combinations of letters and numbers and generic terms such as “admin” or “support” in the email address. If you are unsure about whether an email you received is from a legitimate source, don't open any attachments or click on any links it may contain - contact the company directly to find out if the message is genuine.
Another red flag is if the email encourages you to act urgently. Phishers want your attention, and they’ll use fear tactics like threats of account closure or a pending transaction to get it. Urgent language that includes phrases such as “ASAP”, “act now”, “immediate action required” and “time sensitive” should all be taken with a grain of salt. Legitimate messages may contain a sense of urgency, but phishing emails are often designed to make people panic and respond quickly without properly vetting the message. If you do receive an urgent request for information from a seemingly legitimate source, take your time before responding and always think twice before clicking any links it contains.
A common phishing technique is to use an urgent request for personal or banking information, such as passwords, credit card numbers and account numbers. This can be a sign that scammers are trying to gain access to your accounts. Be cautious when responding to requests for personal information and only provide such data if you are sure that it is a legitimate request from a trusted source.
Phishing emails will usually also have some clues that they are not legitimate. Common flags are poor spelling and grammar, a sender address from an unfamiliar domain, formatting that looks different from your usual communications, or the presence of phishing links with suspicious URLs. If you’re unsure about any message you receive asking for personal information, consider double-checking with the source before providing them with anything. It’s better to be safe than sorry – don’t give out your private data until you know for sure it is a legitimate request.
Another warning sign of a phishing attack is if you receive an email with an attachment that you weren't expecting or didn't request. These attachments are often malicious programs designed by criminals to capture your personal data, such as passwords and account numbers. As a golden rule, never open any attachments from unknown sources, even if they appear to come from a legitimate corporate address.
The email might also seem to come from a trusted source, like your bank, but this doesn't necessarily mean it is authentic. It could be a fake email address with a similar
name, designed to deceive you into giving up sensitive information or clicking on malicious links embedded in the body of the message. If you don't recognize the sender or it seems out of context, it's best not to open any attachments included in the email and delete it immediately.
Another telltale sign of a suspicious email is if the message itself is poorly written and contains misspellings or grammatical errors. Real businesses typically send well-written emails to their customers, as they are concerned about their reputation. Therefore, any emails containing typos and other inconsistencies should be watched out for and treated with extreme caution.
Additionally, if the wording of the email is strange and out of character for the company or individual it's supposedly from, then it may be a sign that something isn’t right. For example, if you receive an email from a business you regularly shop at that reads in all caps with lots of exclamation points, it should immediately raise some eyebrows. Real companies almost never send out emails like this, so it could be a clear indicator that the message is part of a phishing scam.
One of the red flags to look out for in an email is if it contains a sense of urgency, such as threats of consequences if you don't respond immediately. Most legitimate emails will give you ample time to respond and do not contain any type of scare tactics. If an email does have a threatening tone, it's important to double-check and make sure that it is from a legitimate source before clicking on any links or submitting personal information. Another tell-tale sign of a phishing email is that the message tends to have a panic type attitude. For example, they may include phrases such as "your account will be closed" or "your information will be stolen." They often contain official sounding language and can come off as intimidating. Be sure to look out for any unusual requests in these emails such as needing you to send money to solve an urgent matter, asking for personal information, or trying to lure you into clicking on links that lead to unknown websites. If you do not recognize the sender or feel pressured into responding quickly, it is best not to engage with the email.