
How to Spot a Phishing email

You didn’t think I would spend this whole month talking about e-mails and not speak about phishing, did you? Phishing is a subject that I have posted on before, but it is worth repeating. Phishing is the act of trying to steal someone’s personal information through the internet. It’s typically done through e-mails, although I have talked about how some have decided to go through other means. That being said, it’s an important subject to come back to, to reinforce what we need to look for when we are trying to figure out if an e-mail is phishing.

1) Look at the sender’s e-mail – For me, the sender’s e-mail address is always one of the most significant tells for whether someone is genuine or a phisher. There are a couple of different scenarios here, but they all end the same way. The first scenario is someone spoofing a person you know. This is more likely to happen in a professional situation because people’s personal e-mail addresses are a bit harder to guess. If you get an e-mail that appears to be from your boss requesting something (usually money) and the address does not match the one they typically use to contact you, then it’s likely not from them. If you are a subscriber of mine (and if you’re not, I HIGHLY advise subscribing), you will get an e-mail from jason@jasonlovefiles.com. If you appear to get an e-mail from my blog and the sender’s address is Gary75@gmail.com (as an example, I have no problem with Gary75… or Garys 1-74 for that matter), then it is not from me and you should delete that e-mail. The other scenario is that you get an e-mail “from a company” you deal with when it’s not actually from them. If you receive an e-mail from the gas company, and their typical address is customersupport@gascompany.com but the e-mail is sent from cusstomersuport@gastcompany.com, then it’s a phishing e-mail trying to get your information.

Did you see the difference between the two addresses? It may be hard to spot, but the spelling mistakes in the sender’s address make all the difference. Not all phishing e-mails use sender addresses as sophisticated as the one I mentioned. Some commonly use Gmail addresses, but with a user name you would recognize, like your boss’s. The less sophisticated the e-mail address, the easier it is to spot.
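The sender check from point 1 can be automated. The sketch below is an added example, not something from the original post: it compares a From: header against a constructed allow-list built from the addresses used above, flagging near-miss spellings and trusted names sent from free-mail accounts. The free-mail list and the `max_typos` threshold are assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: the genuine addresses used as examples in the post.
KNOWN_SENDERS = {"jason@jasonlovefiles.com", "customersupport@gascompany.com"}
# Assumption: a short sample of free-mail domains, not an exhaustive list.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, known=KNOWN_SENDERS, max_typos: int = 3) -> str:
    """Classify a From: header as 'known', 'lookalike', 'name-mismatch' or 'unknown'."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in known:
        return "known"
    local, _, domain = addr.partition("@")
    claimed = display.lower().replace(" ", "")
    for good in sorted(known):
        g_local, _, g_domain = good.partition("@")
        # Near-miss spelling of a trusted address (the gas company case).
        if edit_distance(local, g_local) + edit_distance(domain, g_domain) <= max_typos:
            return "lookalike"
        # A trusted user name in the display name or local part, sent from free mail.
        if domain in FREE_MAIL and (g_local in claimed or g_local in local):
            return "name-mismatch"
    return "unknown"

if __name__ == "__main__":
    for header in ("Gas Company <customersupport@gascompany.com>",
                   "cusstomersuport@gastcompany.com",
                   "Jason <Gary75@gmail.com>"):
        print(f"{header!r}: {check_sender(header)}")
```

An exact match on the allow-list is the only result that counts as trusted; "unknown" means the address is simply not on the list, not that it is safe.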


2) Pay attention to the text in the e-mail – Typically phishing e-mails are either aggressive or vague. The aggressive e-mails will have a message something along the lines of “IF YOU DON’T CLICK THIS LINK RIGHT THIS MINUTE THEN HACKERS WILL GET YOU!!!!!” There are many variations on the theme, but the language is all the same. In this case the important thing is not to panic. Recognise that companies who want you to validate your login information would not get you to do it through e-mail. And they certainly wouldn’t get you to click a random URL. I’ve seen loads of the vague ones, in which people receive e-mails from people they supposedly know when in reality it’s the phishers. It will be things like “Hey, could you do something for me real quick?” in which “your boss” asks you to do something. I have heard of an example where an accountant gets an e-mail, supposedly from their boss, asking them to transfer money out of the company. The e-mail instructs the victim not to contact them because “(the boss) is getting on a plane for the next couple of hours.” By the time the dust settles, the accountant has accidentally aided in the theft of hundreds of thousands of dollars without even realising it. This is why it’s imperative that we always pay attention to what is in the e-mails we receive and what they are asking us to do.

3) DON’T CLICK THE LINKS – Speaking of which, I have said this in every single phishing post that I have done, but it is always worth repeating. DO. NOT. CLICK. LINKS. If there is any question at all in your mind about the authenticity of an e-mail, it’s always best to delete the e-mail entirely. Clicking links that you don’t know is the easiest way that phishers get into your system. The best thing that you can do is not click links that you don’t recognize. If there is ANY doubt in your mind, even if it looks only slightly suspicious, it’s always better to err on the side of caution than it is to suffer the consequences of a hasty decision.

99% of phishing attacks are successful because people didn’t take the time to look at the e-mail that got sent to them. It’s important to remember that most phishing attempts are successful because the phishers are banking on the fact that people won’t be paying that much attention to their e-mail. You get so many e-mails in a day that if you get a quick and sharp scare like “CHANGE YOUR PASSWORD OR YOU’LL GET HACKED”, the knee-jerk reaction is to click the link to fix the issue. This, I assure you, is the wrong action.

Have you ever received a phishing e-mail that you were able to see right off the bat?

Let me know in the comments section below. If you like this blog post and want to see more, you can follow me on Social Media (LinkedIn, Twitter, Instagram, and Facebook @jasonlovefiles) or Subscribe to my blog to get new content delivered directly to your mailbox.
