TekTips: How to spot a phishing email

It’s an inevitability that you will one day receive a phishing email, if you haven’t already. The important part is not getting reeled in to the scam. Here are a few ways you can spot that phishing email next time it comes in.

  • Are you expecting the email? If you’re not expecting something from someone that asks you to do something or click on something you haven’t asked for, chance are it’s phishing.  Don’t click.
  • Look at the email address.  Email addresses are a telltale sign of a phishing attempt. Look at the email address they used to verify if it’s real or not. Look at the spellings to.  Goggle, Goog1e and G00GLE are all attempts to trick you into believing that email.  Don’t do it.
  • Look for bad grammar and misspellings. A lot of these attempts are from overseas where English is not their first language.  Look at how they word the email.  You can often see multiple issues in the wording. If they can’t string a sentence, it might be phishing.
  • Immediacy and urgency. This is a classic tactic. Phishers use this to get people to do things they wouldn’t otherwise do because we all want to please first.  Don’t give in to this until you’ve verified.
  • Scare tactics. Just because it says you’ve been compromised might just be what they need to make you believe.  Doubt first.

If you think phishing doesn’t happen, here’s a real email we received just a few months ago.

Most importantly, when in doubt, pick up the phone and call.  This can’t be stressed enough. Your boss or your client will be happier that you bothered them and confirmed by phone rather than sent $100,000 of the business’ money to an offshore account. Stay safe!