5 Tips For Spotting A Phishing Email


Identity theft is the fastest growing crime in the U.S., with more than 15 million Americans falling victim to it annually. And phishing emails are just one way to target you.

More than 260 million phishing emails are sent every day, and they are on the rise. You do not have to become a statistic. There are ways of protecting yourself from these identity thieves and criminals; here are five.

What Is “Phishing”?

Phishing is the act of trying to gain personal or financial information from a person by using an email that appears to be from a trusted retailer or financial institution. The criminal tries to lure you to a fraudulent website where they will try to get you to enter personal information. Once they have this, they will steal your identity or your money.

How To Protect Yourself Against Phishing

There are a number of things that should tip you off to a phishing attempt. Look for these five signs and proceed with caution:

1) A Purchase You Never Made

One of the newest ways criminals are phishing for your information is to send an email that looks like an invoice, thanking you for a large purchase, usually in thousands of dollars. This large amount is to get your attention and get you into panic mode.

If you receive one of these emails, do not click on any links. Open a new browser window and go directly to your bank's or credit card company's website. Make sure there are no unusual transactions.

2) Odd-Looking Return Email Address

This is a dead giveaway. Check where the email is coming from. Many times it will look something like this: companyname-sales@gmail.com or customer.service@mispelledcompanyname.com. Sometimes they will even put your own email as the return email. The email should be from a domain or sender you recognize. For example, if you receive an email from sales421@ebay.com, don’t assume just because eBay is in the name that it is legitimate.

By now you should know what emails from the companies you frequent look like. If these criminals are trying to impersonate a reputable company, go directly to that company's site and check your account.

3) Non-Personalization

Companies that you have already done business with will have your name in their database. When they send you an email, it will have your name in the salutation. Something like, “Dear John Smith” or “Hi John.” It will never be “Dear Customer,” “Attention Sir/Madam” or “Hello Member.” These are signs of a phishing attempt.

4) Fake Web Address

There will usually be a hyperlink in the email that the phishers want you to click. Once you are on the fake site, they will try to get your information.

One way to see where the link actually goes is to place your cursor over the link without clicking it. The actual URL will show up and you can see exactly where it goes. It may look something like this: 134.ghtyt-yht5hr634-389nty.com. Delete the email as soon as possible.

Keep these tips in mind and you will stop any cyber criminal in their tracks and keep your personal information safe and secure.

5) Threats

If there are threats or commands in the email, such as “Act Now” or “Click Link or Lose Your Account Forever,” this is a telltale sign of a phishing email. An email promising you $1 million if you click now or a free vacation to Thailand for downloading an attachment are big red flags.
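
The checks in tips 2 through 5 can also be applied mechanically to a saved message. The following Python code is an added example, not part of the original post; the trusted domain example.com, the sample message and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear customer", "attention sir/madam", "hello member")
THREAT_PHRASES = ("act now", "lose your account")

class LinkCollector(HTMLParser):
    """Collects each <a href>: the real target that hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, trusted):
    """True only if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def phishing_signs(raw_email, trusted):
    """Return the warning signs (tips 2 to 5) found in a single-part message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    text, signs = body.lower(), []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], trusted):
        signs.append("odd sender address")            # tip 2
    if any(g in text for g in GENERIC_GREETINGS):
        signs.append("non-personalized greeting")     # tip 3
    links = LinkCollector()
    links.feed(body)
    if any(not in_domain(urlparse(h).hostname, trusted) for h in links.hrefs):
        signs.append("link goes to unexpected site")  # tip 4
    if any(p in text for p in THREAT_PHRASES):
        signs.append("threat or command")             # tip 5
    return signs

# Constructed sample (not a real email); example.com is an assumed trusted domain.
SAMPLE = """From: Example Billing <example-sales@gmail.com>
Content-Type: text/html

<p>Dear Customer,</p>
<p>Act now: <a href="http://134.ghtyt-yht5hr634-389nty.com/">www.example.com</a></p>
"""
if __name__ == "__main__":
    print(phishing_signs(SAMPLE, {"example.com"}))
```

An empty result does not prove a message is genuine: a sender address at the real domain can still be forged, so checking your account directly on the company's site remains the safer step.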

What Should I Do With A Phishing Email?

To reiterate, NEVER click on the link. Do not follow the directions in the email. Rather, go to the source (e.g., Gmail, Amazon, eBay). If the email asks for personal information, such as passwords, credit card numbers and bank account information, do not reply. Companies such as these will never email you asking you to enter your information.

Take the Target breach in 2013; the mass emails informed customers of what had happened and how to proceed. They never once asked customers to submit personal information; they encouraged customers to communicate through the normal channels they already used.

If you suspect an email is a scam, just don’t open it. Also, report any suspicious activity, whether to your IT department at work or to the company or site the email claims to be from. Many companies have email addresses to which you can directly report phishing.

If you do, however, click on a link or respond to a phishing email, your identity and personal information could be compromised. You should immediately take action by contacting your bank, and by alerting your company or anyone else who would be affected by the scam.

Editor's note: This post was originally published in October of 2014. It has been updated for freshness and accuracy.

