How To Recognize Phishing Emails


Every day people are bombarded with unsolicited emails – also known as spam or phishing emails.  However, it’s sometimes hard to tell whether an e-mail is spam or some sort of phishing tactic.

What is phishing?

Phishing is the fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by pretending to be a trustworthy company or even a company you frequently do business with. Communications are usually via e-mail, to trick people into revealing sensitive information like usernames, passwords, and credit card data by pretending to be a bank or some other legitimate entity. The email often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is a social engineering technique used to fool users, and exploit the poor usability of your web security. Legislation, user training, public awareness, and technical security measures are presently in place in an attempt to deal with the growing number of reported phishing incidents.

A common tactic phishers use is to pretend to be from a financial institution or online retailer like PayPal and ask for information to be provided to prevent identity fraud, or verify your account. Phishers also use current trends, news and other popular topics to trick people into clicking on links. One e-mail about swine flu asked people to provide their name, address, phone number, and other information as part of a survey on the illness. Users of social networks such as twitter, facebook, myspace, bebo, and more are becoming popular targets.

How can you protect yourself?

  1. Check the email address. Are there misspellings in the name?  You can usually immediately detect a phishing email because they choose names that closely resembles your institution, such as [email protected]  Recognize this misspelling?  The letter O is actually a zero. Many companies use sub-domains for email communications. In this case, you may see something like [email protected]
  2. One of the most effective preventative measures is looking at the link before you click it. In many e-mail clients, you can hover your mouse over the link and it will display where you are really being directed. You can also right-click on a link and go to properties in order to view the full path. If the link does not look familiar or is cryptic looking, DO NOT CLICK.
  3. The most important thing to remember is no company will ever ask for your personal information or send you private documents via email. If you suspect a suspicious email, report it to the agency it pretends to come from.
  4. Make sure you have up to date and reliable anti-virus protection.

Where can you report phishing attempts?

You can forward suspected phishing e-mails to [email protected]. Also, companies usually have an address to forward phishing emails to. Check the company’s website or give them a call for that information. Always include the entire phishing e-mail. Additionally, complaints can be lodged with the Internet Crime Complaint Center at the FBI.

Stay safe when going through your mail and don’t be so quick to click on links.