Does this scene look familiar to you? You check your inbox hoping to find an email from a colleague at work, only to find a barrage of spam emails that you never remember signing up for.
Millions of phishing emails are sent to innocent victims around the world every day, and while many of them are too ridiculous to be taken seriously, some are clever enough that anyone can be deceived at first glance.
So how can you tell a legitimate email from a phishing email? While there’s no single approach that works for every situation, there are signs you can look out for when digging through your inbox. Take note of these 10 tips when checking your inbox for phishing emails.
1. Check out the subject line.
Spammers try their best to look genuine, but their subject lines can give away their true intentions. You might have come across emails that promote things like home loans, lotteries and health products, which are easy to spot since they usually start with sensational headings like “Buy Now While Supplies Lasts”, “Big Savings” or “You Just Won $1 Million!”. Phishing emails can also be identified by headings such as “Verify Your Account” or “Immediate Action Required”.
You can just ignore or delete them without opening them. Messages without a title, on the other hand, should be checked carefully, as they could be important emails sent hastily without a subject line.
2. It has grammar and spelling errors.
Another telltale sign that an email is not legitimate is when you see it with obvious mistakes in spelling and grammar. Some are easy to identify: “ALERT: Someone is Accesssing Your Account” while others need some close inspection: “Best Prices Today. Clicked Here to Get Huge Discounts!”.
Any authentic organization would have their editors run a spell check or proofread their marketing newsletters before they send them out. So always examine the message for any misspellings and poor grammar before accepting it as valid.
3. The email message contains suspicious URLs.
If there are links embedded inside the body of an email message, don’t click them, just to be safe. Instead, hover your mouse over the link and you should see the real hyperlinked address (some email software may not support this feature). If it doesn’t match what the link claims to be, then it could lead you to a fraudulent site. You can also go directly to the account in question in a separate tab or window and see if there’s anything wrong.
4. Personal salutations are generic and unclear.
Is the email sent with a generic salutation such as “Dear Valued Customer” or, worse, “To whom it may concern”? Then you had better keep your eyes open. Legitimate companies would always address their customers by their full name to sound professional and credible.
5. Phishing spam emails use deceptive domain names.
Online scammers often succeed with their tricks because they know that many people are still not aware of how domain names work. Domain names are composed of different parts, read from right to left. Let’s use www.vodien.com as an example. To the far right is the suffix com, which is the parent domain or top-level domain; vodien is the mid-level (second-level) domain; and to the far left, www is the third-level domain that identifies a specific host server.
So, if you see a domain name like www.vodien.worldhackers.com, it clearly does not originate from the vodien.com domain, because the real second-level domain is worldhackers.com, not vodien. A phishing artist would simply use second-level domains that spoof legitimate companies (e.g. Vodien or GoDaddy) to make the address appear more authentic. So, if you’re not careful, you could fall into their trap.
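The right-to-left reading above can be written as a short check. This is an added example, not from the original article: it reduces a host name to the domain that was actually registered and flags hosts that carry a trusted brand name as a label without belonging to the trusted domain. `MULTI_LABEL_SUFFIXES` is a small stand-in assumed here for the full Public Suffix List, and the function names are hypothetical.

```python
# Small stand-in for the Public Suffix List (assumption for this example);
# a production check should load the complete list instead.
MULTI_LABEL_SUFFIXES = {"com.sg", "co.uk", "com.au"}

def registrable_domain(host):
    """Return the registered domain, reading the labels from right to left."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return ".".join(labels)
    last_two = ".".join(labels[-2:])
    # Suffixes such as co.uk span two labels, so the registered name is the third.
    if last_two in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return last_two

def classify(host, trusted="vodien.com"):
    """Classify a host as 'trusted', 'lookalike' or 'unrelated'."""
    if registrable_domain(host) == trusted:
        return "trusted"
    brand = trusted.split(".")[0]
    # The brand appears somewhere in the name, but another party owns the domain.
    if any(brand in label for label in host.lower().split(".")):
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # The two article hosts plus constructed examples.
    for h in ("www.vodien.com", "www.vodien.worldhackers.com",
              "vodien-support.example.test", "mail.example.co.uk"):
        print(f"{h:32} {registrable_domain(h):22} {classify(h)}")
```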
6. It asks for personal information without apparent reason.
A trusted company will never ask their clients for personal information through email for no specific reason. If you have a bank account, your bank should already know your account number since they have that information in their database.
7. Check out the signature.
If you don’t see any information about the email sender or ways to contact their company, or if the information in the signature doesn’t match the email address, that may indicate that it’s a fraudulent email. Legitimate businesses should provide proper contact details so that people can easily contact them when they have questions.
8. Check the file extension of the attachment.
Attachments from malicious emails can contain malware and viruses that infect your computer or device. Malware can potentially corrupt files on your computer or steal your usernames and passwords. Look out for attachments with extensions such as .exe, .jar or .ace. There may also be attachments with unsuspicious extensions such as .xlsx, .pdf and .doc. However, these common document files may contain links directing you to phishing websites that require you to enter personal information.
Be careful and try not to download or even open an attachment if you are suspicious of the email.
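A mail filter can apply the same extension check before a message reaches the reader. The following added example (not from the original article) walks the attachments of a message with Python's standard `email` package and sorts them by their final extension. The sample message and file names are constructed, and the extra check for a document extension sitting in front of an executable one goes slightly beyond the tip above.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

RISKY = {".exe", ".jar", ".ace"}       # extensions named in the tip above
DOCUMENT = {".xlsx", ".pdf", ".doc"}   # common types that can still carry links

def build_sample():
    """Build a constructed message with three attachments for the demo."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("report.pdf", "invoice.pdf.exe", "update.JAR"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

def triage_attachments(msg):
    """Map each attachment file name to a verdict based on its extensions."""
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Compare in lower case so update.JAR is treated like update.jar.
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        final = suffixes[-1] if suffixes else ""
        if final in RISKY:
            verdict = "block"
            # Only the last extension decides how the file is opened.
            if len(suffixes) > 1 and suffixes[-2] in DOCUMENT:
                verdict = "block (disguised as document)"
        elif final in DOCUMENT:
            verdict = "open with care"
        else:
            verdict = "unknown"
        verdicts[name] = verdict
    return verdicts

if __name__ == "__main__":
    for filename, verdict in triage_attachments(build_sample()).items():
        print(f"{filename:20} {verdict}")
```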
9. Email was sent from unfamiliar locations.
An email sent from a place where you don’t live and don’t know anyone is a major red flag. The country of origin should be the first level of check to determine if the email is genuine or not.
10. Emails that ask for money or donations.
Any emails that request money or donations should be treated as suspicious until proven otherwise. Thousands of email accounts get hacked every day, so be wary if one day you get an email from a friend who lost all her money while vacationing in Europe. If you are concerned about your friend, call her instead to verify her situation.
Scam artists can also pose as a charitable organization that asks their victims to make donations through their phishing website where they steal bank or credit card numbers. If you want to donate to a charity, make sure to send your donations directly to the website and never through such emails.
Spotting malicious phishing emails is just the first step in protecting yourself from possible scams. Here are other steps you can take next.
Use Security Protection Tools
Most email providers automatically screen emails and filter out known spam emails. However, mistakes can happen to the best of us, so it helps to have security tools installed as an additional security backup. Installing anti-virus programs like Avast can alert you and prevent you from opening malicious file attachments. This will definitely prevent such malware or viruses from spreading in your computer, or even in your network server, in the event that you download and open the file.
At Vodien, we offer an effective anti-spam solution, so that you don’t have to waste any time dealing with such spam emails. Our SpamGuard addon creates a spam filter that effectively blocks spam emails, protecting you against possible malware attachments that come with the increasing volume of email spam. Check out our SpamGuard Email Anti-Spam solution over at our product page!
Don’t respond to emails that ask for money or personal information
The moment you reply to a phishing email, you only confirm that your email account is active, and it will be distributed to more spam farms. Again, do not click on anything, whether URLs or attachments, or give out your personal information such as your username, password or credit card number to anyone who claims to be from a legitimate company.
Use Email Filters
Some email providers have filter settings that allow you to keep incoming emails from trusted contacts and send unknown email senders to the spam folder. In this way, it can prevent you from clicking on malicious emails by accident.
Report Spam Emails
Reporting them to your email provider’s anti-spam team or an anti-phishing website will not guarantee that all spam activity is wiped out, but it can help slow its progress. Microsoft offers some helpful tips on how to report phishing scams on their Outlook or Hotmail email programs. You can also use this Reporting Phishing Page to report suspected phishing sites to Google’s Safe Browsing Team.
If you suspect something fishy about the email, do some quick research.
When something looks off, it’s better not to take any immediate action until you can confirm your suspicions. Sometimes, a simple Google search on the sender’s email address, or on the content of the email, will reveal if there are similar cases reported.
Teach others how to spot phishing emails.
Your family members or colleagues can be likely victims of phishing scams, so, remind them to always be vigilant when browsing online. If you suspect that your friend forwarded a spam email or their email account was hacked, let them know so that together you can stop this content from spreading.