Have you ever received an email from a Nigerian prince? Or been notified that you won a contest you never entered? If so, then you have encountered a phishing scam. These in particular tend to be easier to spot, but some can be so well targeted that even cybersecurity professionals fall prey to them. Here you will learn how to spot and protect yourself from phishing emails.

What Phishing Emails Are

Phishing emails are a pervasive threat. They target unsuspecting individuals with the aim of tricking you into revealing sensitive information or taking harmful actions. Spotting these emails comes down to spotting a few key red flags that give away the intention behind the message.

Sender’s Email Address

This is probably the first and easiest red flag to check. Is the sender’s email address valid? Pay attention to the domain name and look for odd things like misspellings. For example, let’s say your bank’s email is “support@yourbank.com” but you receive an email from “support@yourbannk.com”. Do you see what’s happening here? The email looks nearly identical, but notice the extra “n”. These are the types of nefarious tactics criminals use to trick you into entering your login credentials into a look-alike page so that they can then log into the real thing.

Tricks like this are simple but effective. Our brains are wired so that we read misspelled words as if they were correct. Add to that the general confusion about how internet naming conventions work and you have the perfect recipe for malicious intent. To demonstrate this, take a look at the following URLs for “yourbank”, each of which is a completely different site:

  • “your-bank.com” – notice the hyphen, which makes this a completely new site
  • “yourbank.deposit.com” – this would take you to “deposit.com”, not “yourbank.com”
  • “y0urbank.com” – notice the zero instead of an “o”
  • “yourbank.co” – notice that the site does not end with “.com” but with “.co”. While it appears nearly identical, “.co” is a completely different domain ending. Others include “.io”, “.org”, etc.
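As an added example (not code from the original article), here is a small Python check that applies these same rules to a sender address: it flags the hyphen, subdomain, digit-substitution and wrong-ending tricks listed above, plus near-miss spellings like “yourbannk”. The expected domain, the confusable-character table and the sample senders are all constructed for the demonstration, and the two-label “registrable domain” logic is a deliberate simplification that does not handle endings such as .co.uk.

```python
# Added example, not code from the original article: classify a sender address
# (or a bare hostname) against the domain you expect mail from. The expected
# domain, the confusable table and the sample senders are constructed here.
import difflib
from email.utils import parseaddr

# Character swaps attackers use to imitate a name (constructed, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}


def normalize(label: str) -> str:
    """Lower-case a domain label and undo hyphens and look-alike characters."""
    out = label.lower().replace("-", "")
    for fake, real in CONFUSABLES.items():
        out = out.replace(fake, real)
    return out


def registrable(host: str) -> str:
    """Last two labels of a hostname, e.g. 'mail.deposit.com' -> 'deposit.com'.
    Assumption: single-label endings only; 'co.uk'-style endings are not handled."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(sender: str, expected_domain: str) -> tuple:
    """Return (verdict, reason) for an email address or hostname.

    verdict is 'ok', 'lookalike' or 'mismatch'.
    """
    addr = parseaddr(sender)[1] or sender          # also handles 'Your Bank <x@y>'
    host = addr.rsplit("@", 1)[-1].lower()
    reg = registrable(host)
    exp_name, _, exp_tld = expected_domain.lower().partition(".")
    name, _, tld = reg.partition(".")

    if reg == expected_domain.lower():
        return "ok", "registrable domain matches"
    # yourbank.deposit.com: the trusted name is only a subdomain of someone else's domain
    if exp_name in host.split(".")[:-2]:
        return "lookalike", f"'{exp_name}' is only a subdomain of {reg}"
    # yourbank.co: same name, different ending
    if name == exp_name and tld != exp_tld:
        return "lookalike", f"same name but different top-level domain .{tld}"
    # your-bank.com, y0urbank.com: identical once hyphens/confusables are undone
    if normalize(name) == normalize(exp_name):
        return "lookalike", "matches only after removing hyphens or look-alike characters"
    # yourbannk.com: a near-miss spelling of the expected name
    similarity = difflib.SequenceMatcher(None, normalize(name), normalize(exp_name)).ratio()
    if similarity >= 0.8:
        return "lookalike", f"misspelling of {exp_name} (similarity {similarity:.2f})"
    return "mismatch", f"{reg} is unrelated to {expected_domain}"


if __name__ == "__main__":
    samples = [  # constructed senders, mirroring the article's examples
        "support@yourbank.com", "support@yourbannk.com", "alerts@your-bank.com",
        "Your Bank <info@yourbank.deposit.com>", "login@y0urbank.com", "help@yourbank.co",
    ]
    for s in samples:
        print(f"{s:40} -> {classify(s, 'yourbank.com')}")
```

The similarity threshold of 0.8 is a judgment call: high enough that an unrelated domain is reported as a plain mismatch rather than a look-alike, low enough that one inserted or swapped letter in a short bank name still trips it.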

Poorly Written Or Generic

Often, phishing emails have many grammatical errors or poor sentence structure. With the advent of AI-generated phishing emails, this is becoming less true. However, a large number of phishing emails are produced by overseas rings where English is a second language. When you receive an email with these issues, be on guard. Remember that actual businesses take the time to ensure the grammar is correct and the messaging is easy to read.

Did the sender address you by name? Phishing emails are often sent to large groups of people at once. The criminal has a large set of email addresses but no other context about who each person is, so the message is generic and does not use your name. Legitimate businesses usually have at minimum your first name on file and send emails addressed to you.

Urgent or Threatening Tone

This is a giant red flag. Using an urgent or threatening tone is a psychological trick. The sense of urgency puts you in a panic state, which causes you to overlook details. This is exactly what the bad guys want: you will miss the very details they needed to change to make their plan work.

Remember that no matter how urgent the matter may seem, it is rarely something that needs to be addressed at that exact moment. Common scams you’ll see here are:

  • “Urgent, Unauthorized transaction detected”
  • “You will face legal consequences”
  • “You will suffer financial loss”
  • “Claim your prize within 1 hour.”

Just don’t do it. The fallout isn’t worth it.

If you ever win something from a contest you didn’t enter, it’s a scam.

Any urgent matters related to banking or credit cards should be handled by calling the numbers on the back of your credit card or account statement. DO NOT call the numbers provided in emails. These are likely scams.

[Image: example phishing email with red flags denoted: poorly written and generic, not a business email, urgency, and the URL doesn’t match the business name.]

Request for Personal Information

Never give out your personal info when requested via email. Or via a phone number in an email. Or in general.

This is a huge red flag. Legitimate organizations rarely ask for sensitive information over email, and if they did, you shouldn’t provide it. If you are being asked for credit card details, your social security number, or any other sensitive info, know that it is likely a scam.

Even if the email is not a scam, information sent via email is often permanently saved by the email provider. Even when you delete an email, the company operating the service still keeps it in its database; it just stops showing it to you.

Suspicious Links or Attachments

Here we get to the very purpose of the phishing email: to get you to do something that results in software being installed on your machine, allowing the criminal to steal your data or gain access to your machine.

When you receive an email, mouse over the link (do not click it). On most modern computers, the link’s URL will appear in the bottom left of your screen. Take a close look at it: does the URL match what you are expecting? If you receive an email that claims to be from Wells Fargo, but the link goes to “welliesfargo.com”, then you know this is a scam. The same rules apply here as in the sender’s email address section above.
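The hover check above can also be done mechanically. The following added example (not from the original article) parses a constructed HTML email body, pulls out each link, and compares the address the link text shows with the host the href really points to. It reports a mismatch for the “wellsfargo” versus “welliesfargo” case and flags “click here”-style links that give you nothing to compare until you hover; the email body and its addresses are constructed for the demonstration.

```python
# Added example, not code from the original article: extract every link from an
# HTML email body and compare what the text shows with where the href goes.
# The email body below is constructed for the demonstration.
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def strip_www(host: str) -> str:
    return host[4:] if host.startswith("www.") else host


def host_shown(text: str):
    """Hostname the link text claims, or None if the text is not URL-like ('click here')."""
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname or ""
    return strip_www(host) if "." in host and " " not in host else None


def audit_links(html_body: str) -> list:
    """Return (verdict, shown text, real host) per link: 'ok', 'mismatch' or 'review'."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real = strip_www(urlparse(href).hostname or "")
        shown = host_shown(text)
        if shown is None:
            verdict = "review"      # text hides the target: this is what hovering reveals
        elif shown == real:
            verdict = "ok"
        else:
            verdict = "mismatch"    # text names one site, the link goes to another
        findings.append((verdict, text, real))
    return findings


# Constructed phishing-style body in the spirit of the article's Wells Fargo example.
SAMPLE_EMAIL = """
<p>Dear Customer,</p>
<p>Urgent: unauthorized transaction detected. Verify your account at
<a href="https://welliesfargo.com/verify?id=123">https://www.wellsfargo.com/login</a></p>
<p>or simply <a href="http://welliesfargo.com/verify">click here</a>.</p>
<p>Manage preferences: <a href="https://news.example.com/prefs">news.example.com/prefs</a></p>
"""

if __name__ == "__main__":
    for verdict, text, real in audit_links(SAMPLE_EMAIL):
        print(f"{verdict:8} text={text!r:45} actually goes to {real}")
```

A “review” result is not a verdict either way; it simply means the visible text told you nothing, so the real host printed beside it is the one you have to judge by the rules from the sender’s address section.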

When there is an attachment as part of the email, don’t open it unless you were expecting it. It is very easy to disguise malicious software as things like Word/Excel docs, images, etc.

URL shorteners

There is another kind of link that is tricky and difficult even for professional experts: the URL shortener. These are special URLs that make the original URL shorter. I know that sounds odd, but chances are you have seen them. A couple of popular ones are Bitly (bit.ly addresses) and TinyURL (which also appears as tiny.one addresses). These are services that take whatever URL you wish and create a new, shorter URL that takes you to the same place.

The problem with these, as you can probably guess, is that they mask where a URL will actually take you. For these, you can use what are called URL expanders, which do the opposite and show you the original URL so you can see where the short URL would take you. While this is extra work on your part, it’s the only way you can be sure that the link you want to click isn’t malicious. An example service that does this is expandurl.net.
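To show what an expander such as expandurl.net is doing for you, here is an added example (not the article’s code, nor any expander service’s own). It runs a tiny fake shortener on a local port, then expands a constructed short link by sending HEAD requests and reading each Location header itself, so the destination is revealed without the final page ever being loaded. The short paths are constructed; the expander works the same way against any shortener that answers a HEAD request with a redirect.

```python
# Added example, not code from the original article: how a URL expander works.
# It issues HEAD requests and reads each Location header itself instead of
# letting the HTTP library follow redirects, so the destination is learned
# without loading it. A tiny shortener is simulated locally; paths are constructed.
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlparse

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed shortener table: short path -> next hop (relative to the same server).
SHORT_LINKS = {"/abc123": "/hop2", "/hop2": "/landing/verify"}


class FakeShortener(BaseHTTPRequestHandler):
    """Answers like a shortener: 302 to the next hop, 200 once the chain ends."""

    def do_HEAD(self):
        base = "http://127.0.0.1:%d" % self.server.server_address[1]
        nxt = SHORT_LINKS.get(self.path)
        self.send_response(302 if nxt else 200)
        if nxt:
            self.send_header("Location", base + nxt)
        self.end_headers()

    do_GET = do_HEAD

    def log_message(self, *args):  # keep the demo output quiet
        pass


def expand(url: str, max_hops: int = 10, timeout: float = 5.0) -> list:
    """Return every URL in the redirect chain, starting with the short URL."""
    chain = [url]
    for _ in range(max_hops):
        parts = urlparse(chain[-1])
        conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
        conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
        try:
            path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            conn.request("HEAD", path)       # HEAD: headers only, no page content fetched
            resp = conn.getresponse()
            location = resp.getheader("Location")
        finally:
            conn.close()
        if resp.status not in REDIRECT_STATUSES or not location:
            return chain                     # final destination reached
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    raise RuntimeError("gave up after %d redirects" % max_hops)


def run_demo() -> list:
    """Start the fake shortener on a free port, expand one short link, stop the server."""
    server = HTTPServer(("127.0.0.1", 0), FakeShortener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = "http://127.0.0.1:%d" % server.server_address[1]
        return expand(base + "/abc123")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for i, hop in enumerate(run_demo()):
        print(f"hop {i}: {hop}")
```

The hop limit matters: a chain that never ends is itself a reason to stop and distrust the link rather than keep following it, which is why expand() raises instead of looping forever.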

As you can see, phishing emails are serious business. There is a lot to look for and it can be very confusing. Keep these red flag highlights in mind:

  • Email address matches who you would expect it to be from
  • The message is well written and not generic (it addresses you by name)
  • Links match the address you would expect them to go to
  • Downloads or attachments are expected.

By following these simple points, you will go a long way in keeping yourself and others safe.