6 Ways To Spot A Phishing Email

21 May 2020 by Conor O'Neill Conor O'Neill

Phishing emails are very common. They are spam emails that land in your inbox or junk folder that imitate a real-life, well-known company (or even someone you may know) and ask you to provide them with sensitive information. Be it usernames, passwords or card details, these cybercriminals will aim to get what they need to 'hack' you further and can cause many issues including financial loss.

You must look out for them not only in your personal life but in your business setting too as scammers can often target both. Clicking on these harmful phishing email links can cause several things to potentially happen and if you are a company who is concerned about this, phishing simulations may help.

These criminals can utilise these by installing malware, viruses and spyware on your device which in turn, can cause even further damage. By doing so, they could potentially gain access to your sensitive information to exploit, hack further accounts of yours and even send out phishing emails to your contact list.

To help you avoid clicking on these harmful links, we're here to help you identify certain aspects of these emails so that you can spot when they are not real;

1. They request sensitive information

Legit companies commonly don't request for you to share sensitive information over email, so this is the first indication that it is a phishing email. Despite how real these scammers can make this email look, the likes of banks, for example, will never get in touch with you via email to confirm information. They are most likely to reach out via letter. If you ever receive an email from a bank that causes suspicion, give the imitated sender a call (your actual bank in this example) and let them know.

2. Their emails aren't quite right

When we receive emails, we tend to look at the sender's name and not look further at the email from the account it was sent. Scammers often use two different tactics with email addresses; they'll try to get away with a public domain such as gmail.com, or they'll spell the companies name of whom they're imitating slightly wrong. For example, they may use 'paypall' instead of 'PayPal'.

3. ' Dear Customer…'

Regardless of whether you're just receiving a targeted marketing message, companies can personalise their emails with their customer's first names. Phishing emails seem to miss this trick, most probably due to the mass send out. Keep an eye out for those that aren't personalised, especially if they usually are.

4. They attach unsolicited attachments

Received a weird attachment that you weren't expecting? Word of warning - don't click! This is another way cyber criminals attempt to get access to your device or steal your data. No matter how curious you may be, downloading or opening these suspicious attachments has just as much impact as clicking on the links.

5. Poor grammar is evident

Have a quick scan of the email and look out for any spelling mistakes or grammar issues. They may leave spaces in between commas and full stops and capitalise letters that do not need capitalising.

6. It makes you panic

Finally, these emails often make you feel a sense of panic as to entice you to click on the link they've provided. They may often try to tell you that your accounts have seen suspicious activity and you need to change your password for you to not think twice about clicking through. Despite this aim to make you want to rectify it immediately, consider the other points in this post and assess once again if it is real before you do anything. If you want to be safe, go on the said website manually and change your account password from there.

Phishing emails are most likely here to stay as there is almost no way to police them. All individuals can do is educate themselves and others on how to spot characteristics of these messages and to avoid falling for the trick.


About The Author

Conor O'Neill

Conor O'Neill - OnSecurity Head Of Product

Conor is a co-Founder and Head of Product at OnSecurity. Conor has over a decade of IT security experience, and has been heavily involved with startups over the past few years
;