How to Spot Phishing Emails
Phishing emails, and highly targeted spear phishing emails, are often sent by criminals looking for personal information that will allow them to steal money, commit identity fraud or gain access to your online or business services by stealing your credentials. Phishing attacks use fake websites and links in the email to trick people into giving away their login credentials. Often, links are hidden behind shortened URLs (a shortened URL is something like a2hjds.bitly, which when run through a URL lengthener comes out as 89734ihfyrfgweroihf04fghof4.someurl.com).
Remember that phishing is very closely related to smishing, which is exactly the same except that it arrives by text message rather than email.
Here’s how to spot phishing emails.
The only way to ensure you master how to spot phishing emails is vigilance. If you receive an email asking for sensitive information such as your password or credit card number, or asking you to perform an action urgently, don’t click any links or open attachments. Instead, go directly to the website where you normally log in and check to see if there has been a security breach. If so, change your password immediately. If the email is from a person who is asking you to conduct an action urgently, phone that person using the contact details you already have and confirm that they sent the email.
A phishing scam usually starts with a link to a legitimate site, but then redirects users to a fake version of the site. This means the URL will start with something like https://paypal.com/ instead of http://www.paypal.com/. Always check the links in your emails and be careful. The attackers will do things like change letters and numbers, or embed the original URL inside a fake URL, so it looks legitimate. For example, paypal.com could be expressed as pypal.com or paypai.com or paypa1.com or even paypal.com.account1239843.someurl.com.
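An added example (not part of the original article): a small Python check that sorts a link's host name into trusted, lookalike, or trusted name used as a subdomain, using the paypal.com variants above. The trusted list, the function names and the two-label shortcut for the registered domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the set of domains you really do business with.
TRUSTED = {"paypal.com"}

def registered_domain(host):
    # Simplification (assumption): treat the last two labels as the registered
    # domain. Production code should consult the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, computed row by row.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    reg = registered_domain(host)
    if reg in trusted:
        return "trusted"  # exact domain or a genuine subdomain of it
    for good in trusted:
        # e.g. paypal.com.account1239843.someurl.com really belongs to someurl.com
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "trusted-name-as-subdomain"
        # One changed, missing or extra character: pypal, paypai, paypa1
        if edit_distance(reg, good) <= 1:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links built from the host names in the article.
    samples = [
        "https://www.paypal.com/signin",
        "http://pypal.com/login",
        "http://paypai.com/login",
        "http://paypa1.com/login",
        "http://paypal.com.account1239843.someurl.com/verify",
    ]
    for link in samples:
        print(f"{classify(link):28} {link}")
```

A result of "unknown" only means the host resembles nothing on the trusted list; it does not mean the link is safe.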
Always be suspicious.
Check the spelling and grammar.
If you see any misspellings or grammatical errors, it’s probably a scam. Look for things like “PayPal” instead of “PayPal’s” or “your account” instead of ‘your account.’ Also, make sure the links work properly. If you click on them, you should end up at the correct website.
Read the message carefully.
Don’t open attachments unless you’re expecting one. Instead, go directly to the link provided in the email. If you receive an attachment, delete it immediately.
Don’t click links in suspicious messages.
If you think you’ve been phished, report the incident to the appropriate authorities. In some cases, you’ll need to file a police report.