What is Phishing and how to avoid email scams

What is phishing?

Phishing is an attempt, usually via e-mail, to trick people into revealing sensitive information like usernames, passwords, and credit card data by pretending to be a known legitimate entity. The e-mails typically include a link to a Web site that appears to be legitimate and which prompts users to provide information. Sometimes, the phishing e-mail will include a form or an attachment to fill out. One common tactic phishers use is to pretend to be from the fraud department of a bank or other financial institution or online retailer like PayPal and ask for information to be provided to prevent identity fraud.

1: Don’t trust the display name

A favorite phishing tactic among cybercriminals is to spoof the display name of an email.  A fraudulent email, once delivered, may appear legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header—if looks suspicious, don’t open the email.

2: Look but don’t click

Hover your mouse over any links embedded in the body of the email, but don’t click. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in website address directly into the browser’s address bar rather than clicking on the link from unsolicited emails.

3: Check for spelling mistakes

Most legitimate brands are pretty serious about their email communications. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

4: Analyze the greeting or salutation

Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

5: Don’t ever give up personal information

Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

6: Beware of urgent or threatening language in the subject line

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt”.  Threatening language in the subject line or in the body of an email can be a sign that it is a scam.

7: Look at the signature block of the sender

Lack of details about the signer or how you can contact a company strongly suggests a phishing attempt. Legitimate businesses always provide contact details.

8: Don’t click on attachments

Malicious attachments that contain viruses and malware are a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

9: Don’t trust the header from email address

Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address.

10: Don’t believe everything you see

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.