Phishing emails are a common tactic used by scammers to trick or deceive people into performing certain actions. Criminals will send fraudulent emails that appear to be from a legitimate source, such as banks, government agencies, or well-known companies to get victims to click links, give out information, or call phone numbers.
Because of how easy it is for criminals to make phishing emails look authentic, these scams can be difficult to detect, but there are a few telltale signs to look out for.
In this post, we’ll outline some of the most common signs of a phishing email and provide tips on how to stay safe online.
Keep in mind that not every phishing email is the same. Some may have 3-4 of these tell tale signs, while others may have none at all.
Regardless, if you can’t verify the integrity of an email or sender, never click on any links, download any attachments, or give out any information.
Suspicious Senders
One of the easiest ways to identify a phishing email is to check the sender’s email address.
If you’re lucky, there’s a chance you can tell an email is fake right away by looking at who the sender is. For instance, if user23783940@gmail.com or moonstone@yahoo.com is sending you an email regarding an unpaid invoice, you can safely assume it’s a phishing email scam.
Sadly, not all phishing emails come from obviously fake senders, but there are some common themes to look for.
If an email is coming from an address that has “support” or “noreply” in it, it should also raise your suspicion. While legitimate companies often use tech support and noreply email addresses, the ones that criminals use tend to stand out more than others.
Examples
By looking at the sender’s full name, “messasing.sqaureup.com”, it should raise immediate red flags. A quick google search for “squareup” reveals that they are a credit card processing service and are completely unrelated to Norton.
Here’s an example of what a fake “support” email looks like.
The email may appear to be coming from Stripe (which is an authentic payment service), but by searching “squamailvice.com” one will find that it has nothing to do with Stripe as a business and that notifications@stripe.com is their official email address.
Urgent Calls to Action
Phishing emails often create a sense of urgency or panic to prompt the recipient to act out of fear. The emails may claim that “your password has been changed” or that “you need to update your information immediately” if you wish to avoid any consequences.
The goal of these emails is to get you to click on harmful links that will install malware, or give you a phone number to call.
If you do call the phone number provided, they’ll walk you through the process of installing malware or eventually ask you for some sort of payment to resolve the issue.
Examples
This scam impersonates an email from Citi Bank warning you that criminals are trying to get into your account.
Clicking the “View Your Account” button would take you to a hazardous site that would result in malware being installed on your device.
In this example, the phishing email is attempting to appear as if it’s coming from the Social Security Administration and that your SSN has been suspended (which isn’t possible). The “Support Team” is nothing other than a call center full of criminals waiting to get payment from you.
Poor Grammar and Spelling
Another common sign of a phishing email is poor or grammar and spelling. Scammers send out millions of phishing emails each day and are a lot more concerned about quantity over quality.
Misspelling, incorrect usage of punctuation, and overall awkward sentences are common amongst all types of phishing emails.
Even the most sophisticated looking phishing emails often contain irregularities that legitimate emails would never have.
Examples
While the spelling is correct in this supposed email from “Outlook”, the grammar and overall message of the email makes little to no sense.
This message stands out for a few grammatical reasons, but it’s also how the text is formatted and broken that makes it instantly suspicious.
Lack of personalization
When a sender is speaking to you indirectly, or only referring to you only by your email, it’s a sign that the sender may not have your specific information and is trying to trick you into providing it.
Legitimate companies and organizations will usually address you by your name or at least your username in their emails.
Additionally, some phishing emails may use a fake name or username to try and trick you into thinking someone else has access to your account.
Examples
Unusual Request
Phishing emails may contain unusual requests such as asking you to wire money, purchase gift cards, or buy cryptocurrency. These requests will likely come with a deadline you have to meet if you want to avoid facing any consequences.
In these situations, legitimate companies would never ask you to wire money or provide gift cards in an email because they’re not secure, reliable, or even efficient methods of payment. In addition, real companies already have their own secure and established methods for processing payments and transactions.
The reason criminals ask for money via these unusual forms of payment is because of how instantaneously they can use these funds after you send them.
Examples
This one is targeted at employees as a criminal tries to impersonate a high-ranking executive or CEO of a company. They’ll send out an email to someone who usually works in accounting or finance and request that they purchase gift cards or make a wire transfer on behalf of the company.
Hovering over links
First off, if you aren’t 100% confident in the legitimacy of an email, NEVER CLICK ANY LINKS.
Fortunately, there is a trick you can use to see where the link may lead you if you were to click on it. Hovering over links in an email can help you detect phishing emails because it reveals the actual URL of the link. Scammers often use deceptive links that appear to be genuine but lead to a different website that is designed to steal your personal information or install malware on your device.
If it the link doesn’t contain any keywords related to the email itself, it could mean it’s a malicious link.
Be careful though, criminals are aware of this technique and can modify the URL to make it appear authentic. Even if a link looks real, DO NOT CLICK ON IT.
Examples
Here you can see that the email appears to be coming from Verizon Wireless, but once you hover over the link you’ll find no indication that it would have taken you to their site.
Too good to be true
Lastly, if an email is offering some sort of reward, discount, or giveaway, always assume it’s a scam before doing anything. While this may sound obvious, curiosity can get to the best of us, especially when it comes to free stuff.
Individuals may think it’s safe to click on links as long as they don’t willingly download anything or give away any information, but this isn’t the case. Depending on the type of malware, clicking once is all it can take for software to install itself on your computer.
Examples
This “Free” gift card from amazon email doesn’t look all that different from something they would actually send out to their users.
The reward amount isn’t high enough to raise a lot of suspicious either.
If you were to scroll down and accept the gift, it would tell you to install Microsoft Word documents named “Amazon Gift Card” and ask you to print them out. Opening these documents and clicking “Enable Contents” will result in the installation of malware on your device.
Conclusion
By looking for these a combination of red flags it can help you to determine if an email is legitimate or not. For example, a phishing email may have a legitimate-looking URL but still be fraudulent if it contains unusual requests or urgent language. Similarly, an email may have a personal greeting and no obvious spelling errors but can still be a scam if it asks for confidential information or contains a suspicious attachment.
If you use technology on a regular basis, there’s a good chance you’ve seen your fair share of phishing emails already. Nevertheless, as criminal techniques continue to evolve, so will the complexity of their attacks.
Want to learn more?
Our blog is your one-stop-shop for all things related to identity theft and digital privacy protection. We provide you with the latest news and updates on identity theft trends and offer practical tips and resources to help you safeguard your personal information. We also cover a wide range of topics, from protecting your passwords and financial accounts to things like securing your social media profiles and online shopping habits.
Our team has over 15+ years of identity theft restoration and prevention experience, and we’ve created comprehensive guides and tutorials that will show you everything we’ve learned about detecting, preventing, and recovering from identity theft.
In addition, we offer reviews and comparisons of the top identity theft protection services, so you can find the best solution to fit your needs and budget.
Feel confident that you’re taking all the right steps to keep your privacy, finances, and devices protected. Don’t wait until it’s too late – join our community today!
