Many of us probably know what phishing emails are: emails that are sent in the guise of a reputable company or person but actually by a scammer in an attempt to obtain personal or financial details from the email’s recipient. However, would you always be able to identify a phishing email when you see one?
According to one estimate mentioned by ZDNet, about 135 million phishing attacks are attempted over email every day. Of these attacks, some could inevitably slip through the targets’ defenses – so, here are some telltale signs that an email could be a phishing attempt.
The email requests personal information
Even if the email is purportedly from a person or brand you respect, you should be on your guard if that email asks for personal details from you. That’s because the real person or brand in question is unlikely to need them; your actual bank, for example, will already know your account number.
Personal information for which a phishing email might ask would include a password or credit card number – or, to obtain such details, the answer to a security question you have previously set.
The email offers something seemingly “too good to be true”
One particularly well-worn stereotype of a phishing email is one claiming a prince wishes to leave their fortune to the email’s recipient. However, any email promising something that has a whiff of “too good to be true” should be seen suspiciously – especially if you’ve made no bid to claim that something.
This would be the case if, for example, the message claims you’ve won a lottery for which you never actually bought a ticket or says a parcel is waiting for you but you haven’t bought any physical items online recently.
The email makes an unrealistic threat
In a piece for TechRepublic, Brien Posey recalls once receiving an official-looking letter supposedly from US Bank. The letter claimed that his account had been compromised and that, if he didn’t send them his account number, his account would be cancelled and his assets seized.
However, as his only account with US Bank at that time was a car lease, he knew that there weren’t actually any deposits for the bank to seize.
The email is riddled with poor spelling and grammar
This can often happen as a result of a scammer using a service like Google Translate to convert text from another language. However, as such services tend to translate the text very literally, they don’t always manage to capture grammatical nuances peculiar to the translated-to language.
The email includes a mismatched URL
The message might urge you to include a particular link that appears as one link in the email itself but actually leads to a different, more malicious address – as you could reveal, at least in Outlook, just by hovering your mouse over the link.
Useful though these tips are, security software like Wandera’s Threat Defense tool could further help you to weed out phishing attempts and, in this manner, avoid falling foul of them.