Phishing emails pose a risk to consumers and businesses by trying to trick you into giving personal and sensitive information. Learning how to spot a phishing email can help prevent fraud and protect your information.
Here are five easy ways to identify a phishing email:
- Look at the “from” address. Be sure you recognize it, and look closely. Then take a second look at the domain name (that’s the name after the “@” symbol). Make sure it’s spelled correctly.
- Make sure that the “reply” address matches the “from” address of the sender; otherwise it may be a spoofed email.
- Make sure the sender is who they say they are. This is done by using out-of-band communication to contact the claimed sender. In other words, DO call your brother and make sure he actually sent you that cat video before you click on the link in the email, and DON’T email him back and ask if it is him; the attacker will always reply “yes.”
- Check that the message is well composed with the grammar and spelling you would expect from the sender, whether it’s your boss, your brother or your bank.
- Triple check all email links before you click on them by hovering your mouse over the link (without clicking on it) because your email application will show its actual destination. Look at the domain and be sure it is what you would expect. Misspelling a domain is a very common tactic (microsft.com vs. microsoft.com). At a glance, they look the same, but one will take you to Microsoft, and the other will take you somewhere you don’t want to go.
If you’re still not sure, either leave the email unopened or contact the alleged sender through a different method to confirm it’s from them.
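For readers who triage reported mail, the “from” domain, “reply” address and link checks above can be automated. The following is an added example, not part of the original article; the trusted-domain list, the edit-distance threshold of 2 and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains this mailbox normally deals with (constructed list).
TRUSTED = {"microsoft.com", "example.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(host):
    """Return the trusted domain that host imitates, or None."""
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join((host or "").lower().split(".")[-2:])
    for good in sorted(TRUSTED):
        if base != good and edit_distance(base, good) <= 2:
            return good
    return None

def check_message(raw):
    """Run the From, Reply-To and link checks on a single-part message."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    hit = lookalike(sender.rpartition("@")[2])
    if hit:
        findings.append(f"From domain resembles {hit}: {sender}")
    if reply and reply != sender:
        findings.append(f"Reply-To differs from From: {reply}")
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        hit = lookalike(urlparse(url).hostname)
        if hit:
            findings.append(f"Link domain resembles {hit}: {url}")
    return findings

# Constructed sample message, not real mail.
SAMPLE = """From: Account Team <security@microsft.com>
Reply-To: helpdesk@mail-collect.example

<p>Please <a href="https://login.microsft.com/verify">sign in to microsoft.com</a>.</p>
"""
```

Calling `check_message(SAMPLE)` returns three findings, one per check. A clean result does not prove a message is genuine, so the out-of-band confirmation described above still applies.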