Email Security: 6 Tips for Spotting Phishing Email Scams

June 06, 2017

Scammers often send emails to potential victims trying to trick them into divulging personal information or into unwittingly downloading malicious software. These messages are often referred to as phishing emails. While there are many scammers out there whose emails are immediately obvious as a scam (Congratulations! You just won a free trip to Bahamas. Send your credit card information to reserve your spot!), there are certain scammers who have been further refining their phishing ploys. The following should raise red flags anytime you see them in an email.

 

1. Poor Spelling and Grammar

Probably the most obvious sign that there’s something phishy about an email is when it is littered with grammatical errors. A lot of phishing scammers are located outside of the U.S. and are not native English speakers. As a result, their emails often have numerous spelling or syntax errors.

 

2. Check the Email Signature

Another easy way to check an email’s legitimacy is to check the signature of the sender. Most professional businesses use signatures that list several ways to contact them - e.g. phone number, street address, links to their website, etc. - since they want to make it as easy as possible for you to get back in touch with them. While it’s not a dead giveaway, it should raise a flag whenever a robust signature is missing from an email from someone claiming to be a professional at a company.

 

3. Asking for Your Personal Information

Legitimate entities - whether it’s a bank, a government agency, or some other type of business - will never ask you to disclose personal information within an email. Your bank already knows what your bank account numbers are and the government already knows what your social security number is. There is no need for them to ask you to disclose them via email. Treat any request for personal information (passwords, credit card information, etc.) with great suspicion.

 

4. Hover Over Links, Use a Link Checker

If you’re unsure of the validity of an email, make sure to check any links in the email BEFORE clicking on them. There are two ways to go about doing this. First, you can hover your mouse over a link to show the destination URL (depending on what email service you use). If the link shows a URL that is different from what the link text implies, don’t click it. Second, if you’re still not sure, use the link checker by Norton, which will tell you whether the link is safe to click or not.

 

5. Beware Intimidation

While many phishing emails try to fool you by using reward-based motivations, others are starting to learn that fear-based motivations are often more effective. One of the common phishing scams of this nature involves the scammer impersonating the IRS or a law enforcement agency alerting you that legal action will be filed against you unless you take a specific action. If you get an email like this, don’t immediately assume that it’s legitimate.

 

6. Don’t Develop a False Sense of Security

Most importantly, you want to avoid developing a false sense of security. While the vast majority of phishing emails are fairly obvious, there are those that don’t show their hand as easily. Scammers are constantly inventing new ways to trick their targets. Some have taken to creating detailed emails that look nearly identical to those from trusted sources such as Google. Keep a sharp eye on your inbox, and make sure to ask an IT professional about a suspicious email before clicking on any links.