How to spot a phishing email
Look out for Language, Design, Name, Action
- Many phishing emails have poor grammar, punctuation and spelling.
- Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
- Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
- If it sounds too good to be true, it probably is. It’s most unlikely that someone will want to give you money, or give you access to a secret part of the Internet.
- Is the design and overall quality what would you’d expect from the organisation the email is supposed to come from?
- The entire text of the email may be contained within an image rather than the usual text format. The image contains an embedded link to a bogus site.
- Is the email asking you to click on a link? Look at the link carefully to see if it looks credible. For example, if the hyperlink seems to be from your bank, make sure it would go to your bank’s website, and not to something with a different name.
- Look at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
- Double check the sender’s email address. Often phishing emails attempt to mimic an official email address by making it look as close to the original as they can. Make certain you check what proceeds the ‘@’ symbol.
- Think, what is the email asking you to do?
- Your bank, or any other official source such as the University, should never ask you to supply your personal information or logon details.
- If the email is from a person, is what they are asking you to do unusual or out of character.
- Are you being asked to view an attachment or to install some software.