8 Ways to recognize Phishing Emails
Phishing mails are getting smarter and more credible by the day. That is why it is vital to recognize them before they pose a threat to you or your company.
Nowadays cybercriminals use different strategies to extract money or information from their victims. Even if they get no money or information from you, clicking on their link tells them that your email address exists and that there is in fact a person on the other side of the screen. They can sell this information so that other cybercriminals can try their luck at extracting your information or money. To prevent this from happening, we have collected a few dead giveaways for recognizing these malicious emails. Here are 8 ways to recognize phishing emails.
1. Spelling mistakes
Sometimes the cybercriminals who write these phishing mails are not quite as fluent in the language as you are. This is why some phishing mails give themselves away with strange grammar or plenty of spelling mistakes. Nowadays, however, they are getting better and smarter, so a phishing mail will not have as many spelling mistakes or as much strange grammar. Still, this is one way to spot them.
2. Their domain
If the fact that the sender is not in your ‘safe sender list’ does not make you suspicious, you can always check their domain. You can find it next to the sender’s name or by clicking on the sender’s name, which will display the sender’s e-mail address. If the part after the @ does not seem familiar, you can be sure it’s a phishing mail. If it does seem familiar, always check the spelling and what comes after the dot. For example, a sender domain that has an extra “l” in the company name and ends in .be instead of .com. Clearly red flags!
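The same check can be automated on a mail gateway or in a triage script. The following is an added example, not part of the original article: it flags sender domains that sit within a couple of characters of a trusted domain or that reuse a trusted name under a different ending. The allow-list, the function names and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the organisation really corresponds with.
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(domain: str):
    """'examplle.be' -> ('examplle', 'be'). Simplification: last label is the ending."""
    name, _, tld = domain.rpartition(".")
    return name, tld

def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, reasons) for the address in a From: header."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.lower().rpartition("@")
    if not at or not domain:
        return "unknown", ["no address found"]
    if domain in trusted:
        return "trusted", []
    name, tld = split_domain(domain)
    reasons = []
    for good in sorted(trusted):
        good_name, good_tld = split_domain(good)
        dist = edit_distance(name, good_name)
        if dist == 0 and tld != good_tld:
            # Right spelling, wrong ending (.be instead of .com).
            reasons.append(f"same name as {good} but .{tld} instead of .{good_tld}")
        elif 0 < dist <= max_distance:
            # Near miss in spelling, e.g. an extra letter.
            note = f"{dist} character(s) away from {good}"
            if tld != good_tld:
                note += f", and .{tld} instead of .{good_tld}"
            reasons.append(note)
    return ("lookalike" if reasons else "unknown"), reasons

if __name__ == "__main__":
    for header in ('"Example Support" <billing@examplle.be>', "alice@example.com"):
        print(header, "->", classify_sender(header))
```

A verdict of "unknown" only means the domain resembles nothing on the allow-list; it is not a sign that the sender is safe.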
3. Content of the mail
The content of most phishing mails will be similar. Some will ask you to pay something, renew a subscription or do a small favour; others will redirect you to a website, and some may even ask you to download something. They will always ask something of you, sometimes even with a seemingly legitimate reason. A dead giveaway is when the request is extremely urgent, because urgency stops people from thinking and just makes them act. Some, however, are very subtle and well crafted. An individual who is trained in recognizing phishing mails will know why such a mail is a phishing mail.
4. Phishing links
Nearly all phishing mails will have phishing links in them. These will redirect you to phishing sites that in most cases will look identical to the official one. However, you can hover over a link to see which website it will take you to. Carefully compare this to the official website of the company they are pretending to be before clicking on it. If you do click on the link, even without filling out any details, you will have confirmed that your email is a potential victim's email and you’ll start receiving more and more phishing emails.
5. Impersonation
Phishing emails will always try to impersonate somebody. Whether it be a colleague (spear phishing) or a banking company does not matter; these cybercriminals do not care. Always check which company the mail came from. If you don’t know it or have never been a client, ignore the mail and mark it as spam. If the mail appears to come from a colleague, however, you might want to read what they want and, if you’re still unsure, ask them in person, as replying to the e-mail might make you a victim.
6. Personal details
Always remember that there is not a single company on earth, not even the government, that will ask for your personal information through mail. They will always use a secure official website starting with “https”. Even if the e-mail seems legit, it is better to log in manually through your browser than to use the link they left in the mail. This way you can be sure you aren’t being phished.
7. Limited time offers
Unless you actually have a subscription with the company sending you these promotions, you can nearly always conclude that emails with exclusive, too-good-to-be-true offers are phishing emails. Be wary even if you do have a subscription: in that case you should absolutely double-check that the mail isn’t a phishing email, using one of the other methods mentioned here or other, better methods that our company teaches you through the Phished Academy.
8. False unsubscribes
Sometimes cybercriminals are not after a lot of your personal details, or even your money specifically; they just want to know whether your e-mail address is a working one. That is why they might send phishing mails with content that is not in any way applicable to you, in the hope that you will “unsubscribe”. What you will actually be doing is signing up for more phishing mails, because you have just confirmed that your e-mail is a potential target, and they will sell your email to other cybercriminals. The safest thing to do is to mark these mails as junk and then simply delete or ignore them.