Digital Ambassadors

Spotting a Phishing Message

It can sometimes be difficult to spot a phishing email, and many people fall for them. Whenever you receive an email that just doesn't seem right, be suspicious and try the following.

  • Check the sender. If the message looks like it is from someone you know, click on the drop-down arrow by the person's name to see who really sent the email.
    • If it is not from the person you know, delete it right away.
    • If it's from a foreign country, has a strange email address made up of lots of numbers and letters, or has misspellings, it's probably a phishing email.
    • Some senders even use email addresses that appear to be from someone you know. If you're not sure, call them and ask them. Don't call any numbers in the message. Look for their official phone number online and call that one instead.
    • If you don't know the sender, don't download any attachments in the email. They may contain viruses.
  • Is the message truly sent to you? Did the message come to you directly or is it part of a list with hidden addresses (BCC)? Unless you've signed up for a mailing list, any use of BCC should be questioned.
  • Does the tone match the sender? Messages from people you know or work with will usually contain a personal greeting, often using your name, not a general one (like "Dear Sir or Madam").
  • Show all headers. Learn how to show all headers in your preferred email program. The headers will show you the path the email took to get to you. A quick Internet search can show you how to do this (and once you figure it out, consider putting it in your Knowledge Base so others can do this too). If the email starts out from or passes through any suspicious domains, report it.
  • Don't click on that link! Unless you are absolutely sure someone you know is sending you a URL, don't click on links in an email or text. If you think the message is from someone you know, but you're concerned about an embedded link, investigate the link without clicking on it. In some email programs, if you hover over a link or linked text, you can reveal the actual embedded link, either in a pop-up or in a browser window. Many browsers offer some limited protection if you do accidentally click a link. If your browser warns you about the link, close your browser and start again.
  • Don't succumb to requests for urgency. Some cybercriminals may pose as a member of IT support or a different authority figure, like the police, a healthcare worker, or others. This is called spoofing. They may try to sound official or otherwise wear you down by sending multiple requests for you to do something "very important" because "it's urgent" or "time is of the essence." These messages may be paired with phone calls. Never call a number in an email. Research and use a trusted phone number instead.
  • Question poor grammar and misspellings. Unless you know the person you are communicating with just generally has these issues, spelling and grammar errors can indicate a phishing attempt. Strange formatting, like mixed fonts and colors, can sometimes also be an indication of phishing.
  • Search the sender or organization. Open your favorite search engine and search the sender, their email address, any domains, or other information to determine if the message is legitimate.
  • Avoid attachments. Learn to recognize common file extensions, along with those that may indicate something hidden within an attachment. Extensions like .exe or .jsp can be files that corrupt your device.
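
What "Check the sender" and "Show all headers" reveal in practice, as an added example that is not part of the original course page. The sample message, its hosts and IP addresses, and the trusted address rose@family.example are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name, host and IP is made up.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
    by inbox.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.unknown-host.example (relay.unknown-host.example [203.0.113.7])
    by mx.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:03 +0000
Received: from [198.51.100.23] (helo=laptop)
    by relay.unknown-host.example with ESMTP; Tue, 02 Jan 2024 10:00:01 +0000
From: "Grandma Rose" <x9f3k2@unknown-host.example>
Reply-To: rose.payments@another-host.example
To: you@recipient.example
Subject: Urgent - please help

Please send the gift cards today.
"""
SAMPLE = message_from_string(RAW)

def delivery_path(msg):
    """Return (from_host, by_host) for each hop, oldest hop first."""
    hops = []
    # Each mail server adds its Received line at the top, so reverse the list.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())  # undo header line folding
        sent_from = re.search(r"\bfrom\s+(\S+)", text)
        taken_by = re.search(r"\bby\s+(\S+)", text)
        hops.append((sent_from.group(1) if sent_from else "?",
                     taken_by.group(1) if taken_by else "?"))
    return hops

def sender_findings(msg, known_addresses):
    """Compare the real From/Reply-To addresses with addresses you already trust."""
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []
    if addr.lower() not in {a.lower() for a in known_addresses}:
        findings.append(f"'{name}' wrote from {addr}, not an address you know")
    if reply_to and reply_to.rpartition("@")[2].lower() != addr.rpartition("@")[2].lower():
        findings.append(f"replies would go to a different domain: {reply_to}")
    return findings

if __name__ == "__main__":
    for number, (src, dst) in enumerate(delivery_path(SAMPLE), 1):
        print(f"hop {number}: {src} -> {dst}")
    for line in sender_findings(SAMPLE, ["rose@family.example"]):
        print("check:", line)
```

Only the Received lines added by your own mail provider can be relied on; earlier lines are written by the sending side and can be made up.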

Find out more

This article from the office of the Attorney General for North Carolina contains practical Internet safety advice for all users.

This article from the office of the Attorney General for Washington State contains a lot of good information about Internet Safety for Seniors, including background on why seniors are common targets for scams.