How To Avoid Phishing Emails

Here are 20 topics to focus on in order to avoid having your email hijacked.

A. Check the Sender’s Email Address & Verify the Domain

  1. Inspect the Email Address:

    • Example: [email protected]. While it seems to come from PayPal, the “paypal-support.com” is not the official domain for PayPal. The legitimate domain should be @paypal.com.
  2. Focus on the Domain:

    • Example: [email protected]. This email address has an extra “.xyz” after the official domain. Official domains typically don’t have extra extensions like this, so it’s worth verifying.
  3. Match with the Company’s Website:

    • Example: [email protected]. The official domain for Facebook is @facebook.com, not @face-book.com. The hyphen is a subtle but crucial difference.
  4. Watch for Subtle Variations:

    • Example: support@[email protected]. This email address uses a zero instead of the letter “o” and also includes a stray “@” symbol, which could be an attempt to confuse recipients. The legitimate domain for Honda would be @honda.com.
  5. Verify Against the Official Site:

    • Example: [email protected]. The domain “bankofamericabanking.com” is slightly different from the official Bank of America domain, which is @bankofamerica.com. Always verify by comparing the domain with the official site.
  6. Be Cautious of Unfamiliar Domains:

    • Example: [email protected]. If you receive an email from a domain like “secure-payment-link.co” instead of an expected domain from a well-known company like @stripe.com, be cautious. The unfamiliar domain and the generic nature of the link may indicate a phishing attempt.

In each of these cases, the email address or domain may look deceptively similar to a legitimate one, but a closer inspection reveals discrepancies that can signal potential phishing or scam attempts. Always verify suspicious domains through official channels.

B. Look for Spelling and Grammar Mistakes

 

  1. Read the Email Slowly and Carefully:

    • Example: An email with the subject “Urjent Notice About Your Account” might prompt you to read closely. A legitimate company would typically use proper spelling and grammar, such as “Urgent Notice About Your Account.”
  2. Look for Any Words That Are Spelled Wrong:

    • Example: If you receive an email from [email protected] (with “amrica” misspelled), this could be a red flag. The official domain should be @bankofamerica.com, and a legitimate email should not have such errors.
  3. Check if Sentences Sound Odd or Incorrect:

    • Example: An email stating, “To ensure your accout is secured, please verif your identity” contains awkward phrasing and errors. A genuine email would have clearer, correctly phrased sentences like, “To ensure your account is secure, please verify your identity.”
  4. Remember, Official Emails Usually Don’t Have Mistakes:

    • Example: An email from [email protected] with a message like, “Your acount need urgent verificashun” contains multiple errors. Official emails from reputable companies like PayPal should be free from such mistakes.
  5. Use a Spell-Check Tool if Needed:

    • Example: Copy and paste an email containing phrases like “We have detected an unusal activity on your accout” into a spell-check tool. It will highlight “unusal” (should be “unusual”) and “accout” (should be “account”) as errors, indicating potential issues.
  6. If There Are Many Mistakes, It’s Probably a Phishing Email:

    • Example: An email with numerous errors, such as “Dear User, we need you to confirm your credintials. Click the link below to avoid suspnsion of your accout,” is highly suspect. Reputable organizations typically ensure their communications are well-written and error-free.

By carefully examining spelling and grammar, you can often identify suspicious emails. Phishing attempts frequently include errors that legitimate communications from professional organizations would avoid.

C. Check the Greeting: Generic Greetings Can Be a Red Flag 

  1. Notice How the Email Starts (e.g., “Dear Customer”):

    • Example: If you receive an email starting with “Dear Customer,” it might seem generic. For example, an email from [email protected] starting with “Dear Customer, your account needs verification” can be a red flag if you usually receive more personalized greetings.
  2. Think If This Is How the Company Usually Greets You:

    • Example: If your regular communications from a company like Apple start with “Dear [Your Name],” but you receive a message from [email protected] that begins with “Dear User,” it might not align with the company’s usual communication style.
  3. Personal Greetings Are Common from Trusted Sources:

    • Example: An email from a trusted service like Amazon typically uses personal greetings such as “Dear John,” if you’re John Smith. An email that starts with “Hi Customer,” even from a domain that appears legitimate, may be a sign of phishing if you usually receive personalized addresses.
  4. Be Cautious If It Says “Dear User” or “Hi Friend”:

    • Example: An email from [email protected] that greets you with “Hi Friend,” rather than using your name, could be suspicious. Legitimate companies generally use more personalized greetings and specific details about the recipient.
  5. Compare With Past Emails from the Company:

    • Example: Look at past emails from Microsoft. If previous emails begin with “Dear Jane Doe,” and you receive a new one starting with “Dear User,” this inconsistency might indicate a phishing attempt.
  6. Generic Greetings Might Indicate a Phishing Attempt:

    • Example: If you receive an email from [email protected] with a greeting like “Dear Valued Member,” and you usually receive emails that use your name, this generic greeting could be a sign of phishing.

In each case, evaluating how an email addresses you compared to past communications and the expected standards of the company can help identify potential phishing attempts. Legitimate companies usually have a consistent and personalized approach to greeting their customers.

D. Inspect URLs: Hover over Links to See the Actual URL

  1. Move Your Mouse Over Any Links Without Clicking:

    • Example: If you receive an email that asks you to click a link, such as “Verify your account,” move your mouse over the link without clicking. This action will usually display the URL in the status bar of your browser or email client.
  2. Look at the Bottom of Your Screen to See the URL:

    • Example: An email with a link that says “Click here for a special offer” might show a URL like http://www.special-offer.com when you hover over it. Check the bottom of your screen to see if the URL matches the expected domain.
  3. Make Sure the Link Matches the Real Website (e.g., www.microsoft.com):

    • Example: If an email from [email protected] includes a link that says http://www.micros0ft.com/reset-password, be cautious. The “micros0ft.com” domain is suspicious because it’s using a zero instead of the letter “o” in “Microsoft.”
  4. Be Cautious of Short or Weird-Looking Links:

    • Example: An email contains a link like http://bit.ly/3f9aB2. While bit.ly is a URL shortening service, it obscures the final destination. Be wary of such links and verify their destination before clicking.
  5. Remember, Official Sites Usually Use Simple URLs:

    • Example: An email from a trusted source like Netflix should have URLs like http://www.netflix.com/login. If the link is something complex and unconventional, such as http://www.netflix.secure-verify-info.com/validate, it might be suspicious.
  6. If the Link Looks Suspicious, Don’t Click It:

    • Example: You receive an email with a link like http://www.freegift-cash.xyz/claim, which is not a domain you recognize or associate with legitimate businesses. Even if it appears to be related to an offer, it’s safer to avoid clicking.

By carefully inspecting URLs and ensuring they match legitimate, expected domains and structures, you can avoid falling victim to phishing attacks and other online scams.
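The hover check in section D can also be run over an email's HTML body. The following is an added example, not part of the original article: it lists each link's real target next to its visible text and flags the warning signs described above. The expected-domain list, the shortener list and the sample body are assumptions constructed from the URLs in the text.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: the domains the recipient expects mail from
# and a short list of URL shorteners. Extend both for real use.
EXPECTED_DOMAINS = ["microsoft.com", "netflix.com"]
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

# Constructed sample body built from the URLs used in the text above.
SAMPLE_HTML = """
<p>Dear User,</p>
<a href="http://www.micros0ft.com/reset-password">https://www.microsoft.com/reset-password</a>
<a href="http://bit.ly/3f9aB2">Click here for a special offer</a>
<a href="http://www.netflix.secure-verify-info.com/validate">Verify your account</a>
<a href="https://www.netflix.com/login">Sign in</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_expected(host):
    """True if host is an expected domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def inspect_link(href, text):
    """Return the warnings for one link; an empty list means none fired."""
    scheme = urlsplit(href).scheme
    if scheme not in ("http", "https"):
        return ["non-web-scheme:" + scheme]
    warnings = []
    host = host_of(href)
    # https only means the connection is encrypted; the domain checks
    # below still decide whether the destination is the expected one.
    if scheme != "https":
        warnings.append("not-https")
    if host in SHORTENERS:
        warnings.append("shortener-hides-destination")
    elif not is_expected(host):
        warnings.append("unexpected-domain")
        # Brand name used as a label in front of someone else's domain,
        # as in netflix.secure-verify-info.com.
        brands = {d.split(".")[0] for d in EXPECTED_DOMAINS}
        if brands & set(host.split(".")):
            warnings.append("brand-as-subdomain")
    # Visible text that is itself a URL but names a different host.
    if "://" in text or text.lower().startswith("www."):
        shown = host_of(text if "://" in text else "http://" + text)
        if shown and shown != host:
            warnings.append("text-href-mismatch")
    return warnings


def inspect_email_html(html):
    """Map each link target in an HTML body to its list of warnings."""
    parser = LinkCollector()
    parser.feed(html)
    return {href: inspect_link(href, text) for href, text in parser.links}


if __name__ == "__main__":
    for href, warnings in inspect_email_html(SAMPLE_HTML).items():
        print(href, "->", ", ".join(warnings) or "no warnings")
```
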

 E. Analyze the Email’s Tone: Be Wary of Urgent or Threatening Language

  1. Read How the Email Makes You Feel:

    • Example: If an email makes you feel anxious or uneasy with phrases like “Immediate action required,” it’s essential to assess the context. Legitimate companies usually communicate calmly and professionally.
  2. Be Careful if It Sounds Urgent or Scary (e.g., “Act Now!”):

    • Example: An email with a subject line such as “URGENT: Your Account Will Be Suspended!” or “ACT NOW: Security Breach Detected!” often uses fear tactics to prompt hasty action. Such language is a common trait of phishing scams.
  3. Real Companies Usually Don’t Rush You:

    • Example: A legitimate email from a service like Amazon would typically give you ample time to resolve issues or verify information without using pressure tactics. If an email demands immediate action with phrases like “You have 24 hours to resolve this issue,” it could be suspicious.
  4. Notice if the Email Pressures You to Take Quick Action:

    • Example: An email stating “Click the link below to avoid losing access to your account” is trying to create urgency. Legitimate communications generally allow more time for responses and do not pressure you into immediate action.
  5. Compare the Tone with Other Emails You Receive:

    • Example: Compare the tone of a suspicious email with previous emails from known and trusted companies. For example, if you regularly receive emails from PayPal that are informative and non-threatening, but you receive a new email with alarming language like “Immediate Verification Required,” the tone may be a red flag.
  6. Urgent Language Often Indicates a Phishing Attempt:

    • Example: An email from [email protected] with a message like “Immediate Action Needed: Verify Your Identity or Face Account Suspension!” uses urgent language to create a sense of panic. This urgency is often used by phishers to trick you into acting quickly without thinking.

By paying attention to the tone of an email and comparing it to known communication practices of legitimate organizations, you can better identify phishing attempts. Emails using undue urgency or threatening language are often designed to manipulate recipients into making hasty decisions.

 

F. Check for Attachments: Unexpected Attachments Can Be Malicious

  1. Look at the Bottom of the Email for Attached Files:

    • Example: You receive an email and notice an attachment listed at the bottom, such as Invoice_Details.pdf. Check for any unexpected files attached to the email, as this could be a sign of a phishing attempt or malware.
  2. Be Cautious if You Weren’t Expecting a File:

    • Example: If you receive an email from [email protected] with an attachment titled Employee_List.zip and you weren’t expecting any such document, this is a red flag. Legitimate emails should match your expectations or prior communications.
  3. Notice the File Name and Type (e.g., .exe, .zip):

    • Example: An email contains an attachment named Invoice_2024.exe. Executable files (.exe) can be used to deliver malware. Similarly, an attachment named Update_Information.zip might be a compressed file that could contain malicious software. Be wary of these file types.
  4. Don’t Open Attachments from Unknown Senders:

    • Example: You receive an email from an unfamiliar address, like [email protected], with an attachment named Payment_Confirmation.pdf. Even if the file appears harmless, avoid opening it. Legitimate communications should come from known and trusted sources.
  5. Ask If You Are Supposed to Receive an Attachment:

    • Example: If you receive an email from [email protected] with an attachment you weren’t expecting, contact the sender through a different communication method (e.g., phone call or separate email) to confirm if the attachment is legitimate.
  6. If Unsure, Verify With the Sender Before Opening:

    • Example: You get an email with an attachment from [email protected] titled Urgent_Security_Update.pdf, but you’re unsure if it’s expected. Verify with the sender directly (not by replying to the email) using contact details you know are legitimate before opening the attachment.

By carefully inspecting email attachments, verifying their source, and being cautious about unexpected or unusual files, you can protect yourself from malicious attachments and potential security threats.

 

G. Verify Logos and Branding: Look for Inconsistencies in Company Logos

  1. Compare the Email’s Logo with the Official Company Logo:

    • Example: You receive an email that includes a logo for Google, but when you compare it to the official Google logo on their website, you notice differences. For instance, if the email’s logo has a different font or spacing, it could be a sign of a phishing attempt.
  2. Check if the Colors and Design Match:

    • Example: An email purporting to be from Adobe has a logo where the red is a different shade than the official Adobe red. Additionally, the official logo has a specific design style that’s not matched in the email. Differences in color or design might indicate that the email is not from a legitimate source.
  3. Look for Any Distortions or Low-Quality Images:

    • Example: An email from Microsoft contains a logo that appears pixelated or stretched, with blurry edges. The official Microsoft logo should be clear and well-defined. Low-quality images or distortions in the logo can be a red flag.
  4. Official Emails Usually Have High-Quality Logos:

    • Example: If you receive an email from Apple with a logo that looks fuzzy or low-resolution, it may not be from a legitimate source. Official emails from reputable companies typically use high-quality, professional images.
  5. Be Cautious if the Logo Looks Different or Off:

    • Example: An email from PayPal features a logo with altered text or a different design element, such as an unusual font or additional graphics. If the logo doesn’t closely match the one on PayPal’s official website, it could indicate a phishing attempt.
  6. Consistent Branding is Key in Legitimate Emails:

    • Example: A genuine email from Netflix will consistently use the official Netflix logo and branding elements as seen on their website. If the email features a logo with inconsistent branding, different colors, or altered text, it might be a phishing attempt.

By carefully examining the logos and branding elements in emails and ensuring they match the official designs used by the company, you can help identify phishing attempts and other fraudulent communications. Authentic emails from reputable companies will have consistent and high-quality branding.

 

H.  Examine the Signature: Ensure It Matches the Sender’s Usual Format

  1. Look at the End of the Email for the Sender’s Name and Details:

    • Example: At the end of the email, you see a signature that includes the sender’s name and contact information, such as “John Smith, Customer Support, XYZ Corp.” Ensure that these details are present and formatted correctly. If the signature is missing important elements, it might be suspicious.
  2. Check if the Signature Looks Like Past Emails from the Same Sender:

    • Example: If you’ve previously received emails from [email protected] and the signature included “Jane Doe, Senior Support Specialist, Company Inc.,” but the new email shows “J. Doe, Customer Service, Company” with different formatting, this inconsistency can be a red flag.
  3. Verify Contact Information and Company Details:

    • Example: An email claims to be from [email protected] with a signature that lists a phone number and address. If the contact information is different from what you’ve used previously or listed on the official website, it may be a phishing attempt.
  4. Notice if Anything Seems Incomplete or Strange:

    • Example: An email from [email protected] has a signature like “Legal Team, Company,” but it’s missing the sender’s name and title. Incomplete or unusual signatures can indicate that the email is not from a legitimate source.
  5. Compare the Signature with the Company’s Official Style:

    • Example: Compare the email signature with the signature format used in official company communications. For instance, if a company’s official email signature includes a company logo, social media links, and a specific layout, but the email you received has a simple, unbranded signature, it might be suspicious.
  6. Inconsistent Signatures Might Indicate Phishing:

    • Example: You receive an email from [email protected] with a signature like “Best regards, Alex, Reliable Co.”, whereas previous emails from the same company included “Alex Johnson, Customer Service Manager, Reliable Company.” If the new signature lacks detail or deviates significantly from the usual format, it could be a phishing attempt.

By scrutinizing the email signature for consistency with past communications, verifying contact details, and comparing it to the official company style, you can better identify potential phishing attempts and ensure the authenticity of the email.

 

I.  Check for Personal Information: Legitimate Companies Usually Have Your Details

  1. See if the Email Includes Your Name or Account Details:

    • Example: An email from [email protected] addresses you by your name, such as “Dear John Smith,” and includes your account number or username. Legitimate companies often personalize emails to include your specific details, enhancing the email’s authenticity.
  2. Real Companies Usually Personalize Their Emails:

    • Example: If you receive an email from [email protected] that starts with “Dear Customer,” but your name and account details are not mentioned, it could be a sign of phishing. Authentic emails typically include personal details relevant to you.
  3. Be Suspicious of Very Generic Emails:

    • Example: An email that says, “Dear Valued Customer, we have an important update for you,” without any specific information about you or your account could be a phishing attempt. Phishing emails often use generic language to apply to a broad audience.
  4. Check if They Know Your Correct Information:

    • Example: If an email from [email protected] includes accurate information about your recent transactions, such as “Your recent purchase of $50 was successful,” it suggests that the sender has access to your correct details. Emails that misuse or incorrectly state your information might be fraudulent.
  5. Compare with Past Communications from the Company:

    • Example: Review previous emails from the same company. If you usually receive emails that address you by your full name and include specific account details, but the new email from [email protected] uses just “Dear User,” it might be worth questioning.
  6. If They Don’t Know You, It Might Be Phishing:

    • Example: An email from [email protected] that greets you with “Hello there,” without mentioning your name or any specific details about your account, is suspicious. Genuine emails from banks or service providers usually include personalized details to establish legitimacy.

By checking for personalization and specific details in emails, you can better identify whether a communication is legitimate or potentially a phishing attempt. Legitimate companies typically include personal information and tailor their emails to your account or previous interactions.

 

J.  Look for Strange Requests: Be Cautious of Unusual Asks, Like Gift Cards

  1. Read What the Email Is Asking You to Do:

    • Example: An email from [email protected] asks you to “Click the link below to confirm your details.” Carefully read the request to ensure it aligns with what you’d expect from the company.
  2. Be Careful If It’s Asking for Unusual Things Like Gift Cards:

    • Example: You receive an email from [email protected] asking you to “Purchase $200 in gift cards and send us the codes to avoid service interruption.” This is highly unusual for a utility provider, which typically wouldn’t request payment through gift cards.
  3. Real Companies Don’t Usually Make Such Requests:

    • Example: A legitimate email from a bank or service provider typically requests payment or verification through established methods, not via gift cards or unusual payment methods. For example, an email from [email protected] requesting “Payment of overdue balance using gift cards” is not standard practice.
  4. Think If the Request Makes Sense:

    • Example: An email from [email protected] asking you to “Verify your account by sending us a $50 gift card” doesn’t make sense as a verification method. Such requests should be scrutinized because they deviate from standard procedures.
  5. Verify With the Company If You’re Unsure:

    • Example: If you receive an email from [email protected] asking you to “Send $100 in gift cards to this address to process your refund,” contact the company directly using contact information from their official website (not from the email) to confirm if the request is legitimate.
  6. Strange Requests Often Indicate Phishing Attempts:

    • Example: An email from [email protected] that says, “To ensure your donation is processed, please purchase and send us gift cards,” is highly unusual. Most reputable charities have established methods for handling donations and would not ask for gift cards in this manner.

By carefully evaluating the nature of the requests in emails and comparing them to standard practices for the company, you can better identify phishing attempts and avoid falling victim to scams. Legitimate companies have established procedures and would not ask for unusual payment methods or personal information in unorthodox ways.

 

K.  Analyze Email Headers: Check for Discrepancies in the Email’s Path.

  1. Examine the Email Header Information:

    • Example: To check the email header, open the email and view the header details (usually found in the “More” or “Options” menu). Look at the “Received” lines that show the email’s path from the sender to you. For example, an email from [email protected] should show a path that aligns with their domain and infrastructure.
  2. Check the Path for Discrepancies:

    • Example: If the email header for a message supposedly from [email protected] shows that the email was routed through multiple unknown servers or domains like smtp.randomserver.xyz, this may be unusual and warrant further investigation. Authentic emails from a legitimate bank typically pass through their own secure servers.
  3. Compare the Sending IP Address with Known IPs:

    • Example: In the email header, the sending IP address for an email from [email protected] might show something like 203.0.113.45. Compare this IP address with known IP ranges used by the company’s email servers (often listed on their website or through a quick online search). An unfamiliar IP address or one that doesn’t align with the company’s typical IP range can be a red flag.
  4. Look for Mismatched Domains in the Path:

    • Example: An email from [email protected] might show a path that includes intermediary domains like spammer.com or untrustworthy-server.com in the header. This discrepancy can indicate that the email did not originate from the expected domain.
  5. Check for Inconsistent or Suspicious Sender Information:

    • Example: The email header should include information consistent with the sender’s domain. If an email from [email protected] shows a “Return-Path” or “From” address like [email protected], this inconsistency can suggest that the email is not genuine.
  6. Use Email Header Analysis Tools if Needed:

    • Example: If you’re unsure about interpreting the header information, use tools like MxToolbox or Email Header Analyzer to parse and analyze the header. These tools can help you identify red flags in the email’s path, such as suspicious IP addresses or routing anomalies.

By closely analyzing the email headers, you can detect discrepancies and potential issues with the email’s path, helping you identify whether an email is legitimate or potentially a phishing attempt. Authentic emails will generally have a consistent and expected path, whereas phishing emails may exhibit unusual routing and sender information.
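The header checks in section K can be scripted. The following is an added example, not part of the original article: it parses a raw message, finds the hop where the mail entered the recipient's own infrastructure, and compares that relay, its IP address and the Return-Path with what is expected of the claimed sender. Every host name, address and IP range in it is a constructed placeholder, apart from smtp.randomserver.xyz and 203.0.113.45, which are taken from the text.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; Received headers are listed newest first.
RAW = """\
Return-Path: <bounce@mailer.untrusted.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:05 +0000
Received: from smtp.randomserver.xyz (smtp.randomserver.xyz [203.0.113.45])
\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000
From: "Your Bank" <alerts@yourbank.example>
To: user@recipient.example
Subject: Account notice

body
"""

# "from <name> (<text> [<ip>])": the name is declared by the sending server,
# the bracketed IP is what the receiving server actually saw.
RECEIVED = re.compile(
    r"from\s+(?P<host>\S+)\s+\([^\[\)]*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")


def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def domain_of(header_value):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def entry_hop(msg, our_domain):
    """Newest Received header whose 'from' host is outside our domain.

    This line was written by our own server. Anything below it was written
    by servers we do not control and can be forged, so it is the hop to check.
    """
    for value in msg.get_all("Received", []):
        m = RECEIVED.search(value)
        if m and not in_domain(m.group("host"), our_domain):
            return m.group("host").lower(), m.group("ip")
    return None


def ip_in_networks(ip, networks):
    """True if ip parses and falls inside any of the CIDR networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(n) for n in networks)


def analyze(raw, sender_domain, sender_networks, our_domain):
    """Compare a message's headers with what is expected of sender_domain."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    return_dom = domain_of(msg["Return-Path"])
    if not in_domain(from_dom, sender_domain):
        findings.append("from-domain-unexpected")
    # Bulk-mail services legitimately use their own bounce domain, so treat
    # this as a reason to look closer, not as proof.
    if return_dom and not in_domain(return_dom, sender_domain):
        findings.append("return-path-domain-differs")
    hop = entry_hop(msg, our_domain)
    if hop is None:
        findings.append("no-external-hop-found")
    else:
        host, ip = hop
        if not in_domain(host, sender_domain):
            findings.append("relay-host-outside-sender-domain")
        if not ip_in_networks(ip, sender_networks):
            findings.append("relay-ip-outside-known-ranges")
    return {"from": from_dom, "return_path": return_dom,
            "entry_hop": hop, "findings": findings}


if __name__ == "__main__":
    # 198.51.100.0/24 stands in for the sender's published mail range.
    print(analyze(RAW, "yourbank.example", ["198.51.100.0/24"],
                  "recipient.example"))
```
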

 

L. Beware of Unsolicited Links: Avoid Clicking on Unexpected Links

  1. Be Cautious with Any Links You Didn’t Ask For:

    • Example: You receive an email from [email protected] with a link that says, “Click here to claim your prize!” and you haven’t participated in any contest or requested any information from them. This unsolicited link should be approached with caution, as it might be a phishing attempt.
  2. Think If You Were Expecting This Email:

    • Example: An email from [email protected] contains a link saying, “Update your account details here.” If you haven’t recently interacted with the bank or requested any updates, this unexpected link could be suspicious.
  3. Don’t Click on Links Right Away:

    • Example: An email from [email protected] asks you to “Verify your account by clicking this link.” Even if the email looks official, don’t click on the link immediately. Take time to verify the authenticity of the email before clicking.
  4. Verify with the Sender if the Link is Legitimate:

    • Example: If you receive an email from [email protected] with a link to “Reset your password,” contact the company using official contact details (not the email) to confirm if they sent the email and the link is legitimate.
  5. Look at the Link to See If It Seems Strange:

    • Example: Hover over the link in the email, and you see http://www.unfamiliarwebsite.com/login. This domain is not associated with the known company’s official website, suggesting that the link could be part of a phishing attempt. Legitimate links should match the company’s official domain.
  6. Unexpected Links Often Indicate Phishing:

    • Example: You receive an email from [email protected] with a link that asks for your personal information or payment details but doesn’t correspond to their official website. Unexpected or unusual links are often used in phishing schemes to trick users into providing sensitive information.

By carefully evaluating unsolicited links and verifying their legitimacy, you can protect yourself from phishing attempts and avoid falling victim to scams. Always be cautious with links in emails, especially when they are unexpected or require immediate action.

 

M. Check for Spoofed Domains: Look for Slight Misspellings in the Domain Name

 

  1. Look Closely at the Sender’s Email Address:

    • Example: An email comes from [email protected]. Carefully examine the entire email address to ensure it’s from the expected domain. Look for any subtle differences or typos.
  2. Check for Small Spelling Mistakes (e.g., @microsfot.com):

    • Example: You receive an email from [email protected] but the domain is @paypa1.com (using a number “1” instead of the letter “l”). Small spelling mistakes or character substitutions can indicate a spoofed domain.
  3. Compare It with the Official Company Domain:

    • Example: If you receive an email from [email protected], compare it with the official domain amazon.com. The official domain should be correctly spelled without any substitutions or errors.
  4. Notice Any Differences, Even If They’re Small:

    • Example: An email from [email protected] instead of @google.com contains an extra “o” in “gooogle.” Even small differences can be intentional attempts to deceive.
  5. Real Domains Are Usually Spelled Correctly:

    • Example: A legitimate email from [email protected] should come from exactly that domain. Any variation like @linken.com or @linkedn.com is likely a phishing attempt.
  6. Misspelled Domains Indicate Phishing:

    • Example: If you receive an email from [email protected] with a misspelling in the domain, such as an extra “e” or missing letter, it’s a common tactic used in phishing to create a sense of authenticity while disguising the true sender.

By closely examining the domain names in email addresses and looking out for even minor discrepancies, you can identify potential phishing attempts. Spoofed domains often use slight misspellings to trick recipients into believing the email is from a legitimate source.
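The comparisons in sections A and M (character swaps, hyphens, extra words, small misspellings) can be automated against a list of official domains. The following is an added example, not part of the original article: the official-domain list, the two-edit threshold and the verdict names are assumptions, and taking the second-to-last label as the name only suits simple suffixes such as .com.

```python
# Assumption: the official domains to protect; all are named in the text.
OFFICIAL = ["paypal.com", "facebook.com", "google.com", "linkedin.com",
            "microsoft.com", "bankofamerica.com"]
# Digits commonly swapped in for letters (zero for "o", one for "l").
DIGIT_LOOKALIKES = str.maketrans({"0": "o", "1": "l"})
MAX_EDITS = 2  # assumption: how many typos still count as a lookalike


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def domain_from_address(address):
    """Everything after the last '@', lower-cased."""
    return address.rpartition("@")[2].strip().strip(">").lower().rstrip(".")


def classify(domain):
    """Return (verdict, official domain it resembles or None)."""
    domain = domain.lower().rstrip(".")
    for official in OFFICIAL:
        if domain == official or domain.endswith("." + official):
            return ("official", official)
    labels = domain.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    # Undo digit swaps and hyphens before comparing with the real name.
    normalized = label.translate(DIGIT_LOOKALIKES).replace("-", "")
    for official in OFFICIAL:
        name = official.split(".")[0]
        # Official domain followed by an extra suffix.
        if "." + official + "." in "." + domain:
            return ("official-domain-as-prefix", official)
        if normalized == name:
            verdict = "lookalike-characters" if label != name else "different-tld"
            return (verdict, official)
        # Real name padded with extra words, e.g. "-support" or "banking".
        if name in normalized:
            return ("brand-with-extra-words", official)
        if edit_distance(normalized, name) <= MAX_EDITS:
            return ("misspelling", official)
    return ("unrelated", None)


if __name__ == "__main__":
    # Domains quoted in the text, plus two constructed ones
    # (paypal.com.xyz and example.org).
    for d in ["paypal-support.com", "face-book.com", "micros0ft.com",
              "paypa1.com", "gooogle.com", "linken.com", "microsfot.com",
              "bankofamericabanking.com", "paypal.com.xyz",
              "mail.paypal.com", "example.org"]:
        print(f"{d:28} {classify(d)}")
```

An "unrelated" verdict only means the domain does not resemble anything on the list; it says nothing about whether the sender is trustworthy.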

N. Verify the Message Context: Ensure the Email Makes Sense Within Your Interactions with the Sender

  1. Think About Your Past Emails with This Sender:

    • Example: If you have been communicating with [email protected] about a project update and you suddenly receive an email from the same address asking for your personal bank details, consider whether this aligns with your prior interactions. A legitimate sender’s requests should be consistent with past discussions.
  2. Check if the Email Fits What You’ve Talked About Before:

    • Example: You’ve been discussing a product order with [email protected], and you receive an email from the same address asking you to “Confirm your shipping address for an order you didn’t place.” If this request doesn’t fit the context of your previous conversations, it could be suspicious.
  3. Notice if It Seems Out of Place:

    • Example: An email from [email protected] asking you to “Click this link to verify your account” when you haven’t had any recent interactions or requests from your bank might seem out of place. Genuine communications should fit within the context of your ongoing interactions.
  4. Compare with Your Previous Conversations:

    • Example: If previous emails from [email protected] included clear instructions and were related to support issues you raised, but a new email requests payment for an unknown reason, this discrepancy should raise suspicion. The context of previous conversations helps verify the authenticity of the current email.
  5. Real Emails Usually Make Sense in Context:

    • Example: An email from [email protected] should relate to your known interactions, such as updates on a project or upcoming meetings. If an email suddenly asks for login credentials or payment details, it might not make sense in the context of your prior communications.
  6. Out-of-Context Emails Often Indicate Phishing:

    • Example: Receiving an unsolicited email from [email protected] with an unexpected attachment or urgent request for sensitive information, when you have no recent dealings with HR or any open applications, suggests it might be a phishing attempt. Phishing emails often attempt to create a sense of urgency or confusion by being out of context.

By carefully considering the context of the email in relation to your previous interactions, you can better identify whether an email is genuine or potentially part of a phishing scam. Consistent and contextually relevant communications are key indicators of legitimate emails.

O. Look for Unusual Attachments: Files with Extensions Like .exe, .zip, or .scr Are Suspicious

  1. Look at the File Types of Any Attachments:

    • Example: You receive an email with an attachment named Invoice_2024.exe. Check the file type carefully. Files with extensions like .exe, .zip, or .scr can be used to deliver malware or perform malicious actions.
  2. Be Cautious with Files Like .exe, .zip, or .scr:

    • Example: An email from [email protected] contains an attachment named Important_Document.zip. .zip files can contain multiple files, including executable ones. Similarly, Update_YourSoftware.scr (a screensaver file) or PaymentConfirmation.exe can be harmful. Always be cautious with these file types.
  3. Don’t Open Attachments from Unknown Senders:

    • Example: If you receive an email from an unfamiliar address, such as [email protected], with an attachment like Report.scr, do not open the file. Attachments from unknown senders can contain harmful software or malware.
  4. Verify with the Sender if You’re Unsure:

    • Example: You get an email from [email protected] with an attachment Details_2024.zip, but you’re unsure if it’s expected. Contact the company through a known and trusted method (e.g., their official website or phone number) to confirm if the email and attachment are legitimate.
  5. Ask if You Are Supposed to Receive Such Files:

    • Example: If you receive an email from [email protected] with an attachment like Tax_Form.exe and you weren’t expecting this type of file, reach out to your organization or the sender directly to verify if you were meant to receive it.
  6. Suspicious File Types Indicate Phishing:

    • Example: An email from [email protected] has an attachment named Urgent_Update.scr. Files with these extensions are often used in phishing attempts to deliver malware. Be wary of unsolicited or unexpected file types, as they can be indicators of phishing or other malicious activities.

By scrutinizing attachments, especially those with file types commonly associated with malware, and verifying their legitimacy, you can protect yourself from phishing attempts and malicious software. Always be cautious and confirm the authenticity of any unexpected or unusual attachments before opening them.
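The attachment checks in this section can also be run automatically on a saved message before anyone opens it. The following is an added example, not part of the original guide: it uses Python's standard library to list attachments with the extensions named above and looks inside .zip files for executables. The sample message and the helper names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

RISKY = {".exe", ".zip", ".scr"}  # extensions this section calls out
EXECUTABLE = {".exe", ".scr"}  # flagged when found inside an archive


def ext(name):
    """Return the final extension in lowercase ('Invoice.pdf.exe' -> '.exe')."""
    return PurePosixPath(name.replace("\\", "/")).suffix.lower()


def review_attachments(raw_message):
    """Return (filename, reason) for each attachment that needs a second look."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if ext(name) not in RISKY:
            continue
        findings.append((name, "risky extension " + ext(name)))
        if ext(name) == ".zip":
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for member in zf.namelist():
                        if ext(member) in EXECUTABLE:
                            findings.append((name, "contains " + member))
            except zipfile.BadZipFile:
                findings.append((name, "not a readable zip archive"))
    return findings


def build_sample():
    """Constructed message: a PDF, a .scr, and a zip holding an .exe (dummy bytes)."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("PaymentConfirmation.exe", b"dummy bytes, not a program")
    for data, sub, name in [(b"%PDF-", "pdf", "Notes.pdf"), (b"dummy", "octet-stream", "Report.scr"),
                            (buf.getvalue(), "zip", "Details_2024.zip")]:
        msg.add_attachment(data, maintype="application", subtype=sub, filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(review_attachments(build_sample()))
```

The check reads only file names and the archive's table of contents; it never extracts or runs anything from the attachment.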

P. Check for HTTPS in Links: Secure Sites Use HTTPS

  1. Look at the Start of the Link:

    • Example: Hover over a link in the email, such as http://login.example.com. Pay attention to the beginning of the URL. If it starts with https://, it indicates a secure connection. For example, https://secure.example.com is preferable.
  2. Make Sure It Begins with “https://” (the “s” Stands for Secure):

    • Example: An email contains a link like http://www.yourbank.com/verify. The lack of an “s” in http:// means the connection is not secure. A secure link would be https://www.yourbank.com/verify.
  3. Avoid Links That Just Say “http://”:

    • Example: You receive a link in an email saying http://www.phishingexample.com. Links with http:// instead of https:// are less secure and could be a sign of phishing. Always prefer links starting with https://.
  4. Real Websites Usually Use HTTPS:

    • Example: Official sites like https://www.google.com or https://www.amazon.com use HTTPS. If an email directs you to a link such as http://www.legitexample.com, it’s worth questioning its authenticity as real websites typically use HTTPS for secure communication.
  5. Compare with the Official Website:

    • Example: If you receive a link claiming to be from https://www.yourbank.com, but the email link redirects to http://www.yourbank-secure.com, check the official website for the correct URL. A legitimate site will use HTTPS consistently, and discrepancies can indicate phishing.
  6. Non-Secure Links Often Indicate Phishing:

    • Example: An email from [email protected] contains a link like http://www.untrustedsite.com/login. Since the link uses http:// instead of https://, it’s likely less secure. Be cautious with such links, as non-secure links are often used in phishing attempts to capture personal information.

By checking that links use https:// and comparing them to known, secure websites, you can better protect yourself from phishing attempts and ensure that you’re connecting to legitimate, secure sites.
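The link checks above (look at the scheme, then compare the domain with the official website) can be combined in one pass over an email's HTML body. The following is an added example, not part of the original guide. It checks the scheme and the domain together, because the https:// prefix only shows that the connection is encrypted, and it also flags links whose visible text shows a different site than the one they open. The sample body is constructed from the section's example URLs, and the official domain is assumed to be supplied in lowercase by the reader.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs from the anchors in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True

    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False


def check_links(html_body, official):
    """Return (href, problems) for each link that fails a check against `official`."""
    parser = LinkCollector()
    parser.feed(html_body)
    report = []
    for href, text in parser.links:
        host, problems = (urlsplit(href).hostname or "").lower(), []
        if urlsplit(href).scheme != "https":
            problems.append("not https")
        if host != official and not host.endswith("." + official):  # exact or subdomain
            problems.append("host is not " + official)
        shown = urlsplit(text.strip()).hostname if "://" in text else None
        if shown and shown.lower() != host:
            problems.append("visible text shows " + shown.lower())
        if problems:
            report.append((href, problems))
    return report


SAMPLE = (  # constructed sample body built from the section's example URLs
    '<a href="http://www.yourbank-secure.com/verify">https://www.yourbank.com/verify</a>'
    '<a href="https://www.yourbank-secure.com/login">Log in</a>'
    '<a href="https://www.yourbank.com/help">Help</a>'
)
```

Calling `check_links(SAMPLE, "yourbank.com")` reports the first two links and passes the third; the second link is reported even though it uses https://, because its domain is not the official one.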

Q. Review the Email Content: Does It Sound Like the Sender?

  1. Read the Email Carefully:

    • Example: You receive an email supposedly from [email protected]. Carefully read through the email to understand its content and tone. Look for any inconsistencies or unusual language that may not match the expected style.
  2. Think If It Sounds Like the Person or Company You Know:

    • Example: An email from [email protected] says, “Congratulations! You’ve won a special prize. Just send us your bank details to claim it!” If this message doesn’t align with how the company typically communicates, it may be a phishing attempt.
  3. Compare with Past Emails from the Same Sender:

    • Example: If you’ve previously received emails from [email protected] that were formal and included specific account-related information, but the new email is casual and asks for personal details, compare this new email with previous communications to spot discrepancies.
  4. Notice If the Style Is Different:

    • Example: An email from [email protected] usually uses a professional tone with clear formatting. If you receive a new email from the same address that is poorly written, uses informal language, or has strange formatting, it may be suspicious.
  5. Real Emails Usually Have a Consistent Tone:

    • Example: Genuine emails from [email protected] maintain a consistent professional tone and structure. If you get an email that suddenly uses aggressive language or urgency that contrasts with past communications, it might be a phishing attempt.
  6. Different Styles Might Indicate Phishing:

    • Example: If [email protected] typically sends well-written, informative content and you receive a new email with a different tone, such as “Urgent! Your account needs immediate action” with poor grammar, it could indicate that the email is a phishing attempt.

By carefully analyzing the content, tone, and style of the email and comparing it with past communications from the sender, you can identify discrepancies that may indicate a phishing attempt. Legitimate emails will generally maintain a consistent tone and style, while phishing emails often use different styles to create confusion and deceive recipients.

R. Be Cautious with Pop-Up Forms: Don’t Enter Personal Information in Pop-Ups

  1. Be Careful with Forms That Pop Up in Emails:

    • Example: You receive an email with a link saying, “Click here to update your details,” and a form pops up when you click it. Be wary of these forms, as they can be used to collect personal information fraudulently.
  2. Don’t Enter Your Personal Info:

    • Example: The pop-up form asks for sensitive information like your Social Security number or bank details. Do not enter this information. Legitimate companies rarely request such details through pop-up forms or unsolicited emails.
  3. Real Companies Don’t Usually Ask for Info This Way:

    • Example: If you receive a pop-up form from [email protected] asking for login credentials or payment information, it’s suspicious. Real companies typically use secure portals and authenticated methods to collect personal information.
  4. Verify with the Company if You’re Unsure:

    • Example: If you’re unsure about a pop-up form from [email protected], contact the company directly through their official website or phone number. Do not use any contact information provided in the email or pop-up itself.
  5. Compare with Official Forms from the Company:

    • Example: Check the company’s official website for their standard procedures for collecting information. If the form or request in the email does not match their usual methods, it’s likely a phishing attempt. For instance, if trustedbank.com uses a secure login page for updates, a pop-up form requesting such information would be unusual.
  6. Pop-Up Forms Often Indicate Phishing:

    • Example: An email from [email protected] with a pop-up form asking for your credit card details is a strong indicator of phishing. Phishing attempts often use pop-up forms to trick users into providing personal information.

By exercising caution with pop-up forms and verifying their legitimacy through trusted channels, you can avoid falling victim to phishing schemes and protect your personal information. Legitimate companies typically use secure and authenticated methods to request sensitive information, rather than pop-up forms in unsolicited emails.

S. Trust Your Instincts: If Something Feels Off, Investigate Further

  1. If the Email Feels Weird, Take a Moment:

    • Example: You receive an email that claims you’ve won a large sum of money but asks for personal details and payment for processing fees. If something about the email feels unusual or too good to be true, pause before taking any action.
  2. Trust Your Gut Feeling:

    • Example: An email from [email protected] asks you to urgently verify your account by clicking a suspicious link. If the urgency or request feels off, trust your gut feeling and avoid clicking the link until you can verify its authenticity.
  3. Check with Someone You Trust if You’re Unsure:

    • Example: You receive an email from [email protected] with a request for sensitive information. If you’re unsure about its legitimacy, ask a colleague or friend for their opinion or consult with your IT department.
  4. Real Emails Usually Make You Feel Comfortable:

    • Example: Genuine emails from companies you know typically follow standard communication practices, use professional language, and have a familiar tone. An email that feels overly aggressive or uncharacteristically informal may be a sign of phishing.
  5. Investigate Further if It Seems Off:

    • Example: If an email from [email protected] contains inconsistent formatting, strange grammar, or an unusual request like transferring money to a different account, investigate further by contacting the bank through their official contact methods.
  6. Your Instincts Can Help Detect Phishing:

    • Example: You receive an email with a link that doesn’t look quite right or seems out of character for the sender. If your instincts tell you something is off, it’s worth investigating further, such as by verifying the email’s legitimacy or checking for signs of phishing.

By following these steps, you can leverage your instincts to help identify and avoid potential phishing attempts. Emails that make you feel uncomfortable or seem suspicious often warrant additional scrutiny to ensure your safety and security.

T. At the end of the day, if you just don’t trust it, DELETE IT!
