How to Spot a Phishing Email

October 14, 2021

With hundreds of billions of emails sent and received each day, it’s getting more difficult to tell legitimate messages from phishing attempts.

However, phishing emails will typically contain at least one of the following telltale signs:

  1. Asks for Sensitive Information
  2. Uses a Different Domain
  3. Contains Links that Don’t Match the Domain
  4. Includes Unsolicited Attachments
  5. Is Not Personalized
  6. Uses Poor Spelling and Grammar
  7. Tries to Panic the Recipient

1. Asks for sensitive information

Legitimate businesses will never request credit card information, social security numbers or passwords by email. If they do, it’s likely to be a scam – like the one below:

an example of a phishing email from cba

Source – https://cba.ca/Assets/CBA/Images/Article-detail-images/updateBillingEmail-en.png

2. Uses a different domain

Phishing scams often attempt to impersonate legitimate companies. Make sure the email is sent from the company’s real domain by checking the sender (‘From’) address itself, not just the display name, which a sender can set to anything. For example, a message from Amazon will come from @amazon.com. It won’t come from @clients.amazon.org, like this phishing example:

example of a phishing email from amazon

Source – https://lts.lehigh.edu/sites/lts.lehigh.edu/files/phishing20130508.jpg

3. Contains links that don’t match the domain

In the above Amazon phishing example, you’ll also see the links don’t actually take you to the Amazon domain.

Hover the cursor over any links to make sure they will take you to the site you expect. Also, look for https:// at the start of the URL, and do not click links that do not use HTTPS. Bear in mind that HTTPS alone does not prove a site is genuine: phishing sites can use it too, so the domain in the link still has to match the company you expect.

4. Includes unsolicited attachments

A legitimate company will never attach files to its emails or expect you to download files from them. It will instead direct you to its site, where you can download documents safely.

Avoid opening email attachments, even from a supposed well-known organization.

5. Is not personalized

Companies that do legitimate business – or with whom you’ve shopped previously – will know your name. And they will use it, rather than addressing you in a generic manner, such as “Dear Valued Member”, “Dear Customer” or just “Hello”.

6. Uses poor spelling and grammar

Official organizations employ specialist copywriters for their communications. They would never send out emails with obvious spelling or grammar errors, like this Apple phishing email example:

example phishing email from apple

However, hackers aren’t simply bad spellers. The suspicion is that attackers deliberately use grammatical errors to filter out cautious readers, so that only the less careful ones, who make easier targets, respond.

7. Tries to panic the recipient

Most phishing attacks try to panic the receiver with urgent, seemingly time-sensitive calls to action. The aim is to make recipients feel as if they’re missing out on an urgent offer or reward, or nervous about the threat of punishment.

Below are some of the common phrases and tactics used by scammers to get you to urgently click on malicious links or attachments:

  • We’ve noticed some suspicious activity or log-in attempts
  • There’s a problem with your account or payment information
  • You must confirm some personal information
  • You need to make a payment
  • You’re eligible to register or receive a refund
  • Offering coupons for free products
  • Issuing a fake order confirmation

The fictional example below highlights a common scammer request to update personal information due to abnormal account activity:

trustedbank phishing example

Source – https://en.wikipedia.org/wiki/Phishing#/media/File:PhishingTrustedBank.png
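As an added example (not part of the original article), the Python below turns signs 2, 3, 5 and 7 into a simple check over a raw email: sender domain, link domains and HTTPS, generic greeting, and urgency phrases. The sample message, the phrase list and the two-label domain heuristic are constructed assumptions, and the check only inspects what the message claims about itself (it does not verify SPF or DKIM).

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Pressure phrases taken from the article's list of scammer tactics (assumed fragments).
URGENCY = ("suspicious activity", "log-in attempt", "problem with your account",
           "payment information", "confirm", "make a payment", "refund",
           "account will be suspended")
GENERIC_GREETINGS = ("dear valued member", "dear customer", "hello,")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def registered_domain(host):
    # Crude guess: last two labels (clients.amazon.org -> amazon.org).
    # Real code should consult a public-suffix list (amazon.co.uk etc.).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_signs(raw_email, expected_domain):
    # Returns the article's telltale signs found in a single-part text email
    # that claims to come from expected_domain (e.g. "amazon.com").
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    signs = []
    # Sign 2: check the real sender address, not the display name.
    _display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if registered_domain(sender_domain) != expected_domain:
        signs.append(f"sender domain {sender_domain!r} is not {expected_domain}")
    # Sign 3: every link should stay on the expected domain and use HTTPS.
    for url in (u.rstrip(".,;") for u in URL_RE.findall(body)):
        if registered_domain(urlparse(url).hostname or "") != expected_domain:
            signs.append(f"link {url} leaves {expected_domain}")
        if not url.lower().startswith("https://"):
            signs.append(f"link {url} is not HTTPS")
    # Sign 5: a generic salutation instead of the recipient's name.
    lines = body.strip().splitlines()
    if lines and lines[0].lower().startswith(GENERIC_GREETINGS):
        signs.append("generic greeting: " + lines[0].strip())
    # Sign 7: urgency or threat language (whitespace-normalised match).
    flat = " ".join(body.lower().split())
    hits = [p for p in URGENCY if p in flat]
    if hits:
        signs.append("urgency phrases: " + ", ".join(hits))
    return signs

# Constructed sample modelled on the article's clients.amazon.org example.
SAMPLE = """From: Amazon Support <security@clients.amazon.org>

Dear Customer,
We've noticed some suspicious activity on your account. Please confirm your
details at http://amazon-verify.example/login or your account will be suspended."""
```

Running `phishing_signs(SAMPLE, "amazon.com")` reports all four checked signs for the sample, while a plain shipping notice from @amazon.com with an https://www.amazon.com link and a personal greeting reports none.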

If you spot any of these common signs of phishing emails, don’t interact with any links or attachments. Forward the email to the government’s Anti-Phishing Working Group at reportphishing@apwg.org and delete the email immediately afterwards.