1. Unusual Email Address

If an email address looks sketchy or unfamiliar, it’s probably not legitimate. Phishers often try to impersonate legitimate organizations. If you’re unsure if the email is legitimate, check the sender’s address. An email from a legitimate organization should have a domain that matches the organization’s name. Anything else should be treated with suspicion.

If it looks sketchy or unfamiliar, it’s probably not a legit email.

2. Spelling & Grammar Errors

Spelling errors, grammar mistakes, and strange formatting are all telling signs of a phishing email. Phishers often don’t take the time to make sure their emails are error-free, so be on the lookout for these mistakes. Watch out for weird spacing between words, missing “C” for “Copyright” and @ symbol instead of, and strange formatting. These errors can be a clear giveaway.

3. Urgent Requests

Emails that pressure you to take immediate action are typically a sign of phishers trying to catch you off guard. The urgency is meant to make you react without thinking. Always take a moment to consider the content of the email before you act. Legitimate organizations will not pressure you to make immediate decisions.

“Urgently” “ASAP” “How soon can you get that done?” Are all meant to make you react without thinking. By sending gift cards, you’re not required to send any credit card or banking information, so you may be more likely to comply, especially if the request comes from your employer or someone of authority.

4. Suspicious Links & Files

Never click on a suspicious link. Try hovering over it to see what the URL is. If it’s unrelated to the website or subject, it’s probably phishing. If you’re unsure, send it to your IT department to verify before clicking or downloading anything. Downloading files from phishing emails can lead to malware being installed on your computer, so be extra cautious with any attachments or links.

Don’t click strange links in strange emails. You may be able to hover to see if you can see the URL. If you need to check your account, you can always go to the website directly.

5. Requests for Personal Information

Legitimate requests should never come via email. Never share your address, password, security question answers, Social Security number, credit card info, and/or bank info through email. If an email requests this kind of information, it’s almost certainly a phishing attempt. If you have any reason to question the email, call the organization yourself and/or forward the attempt to your IT department.

Never give any personal information through email, and don’t click links requesting it either. Again, if you need to check your account, you can go to the website directly rather than through the email.

When in Doubt…

• Forward the email to your IT department and ask them to verify it.
• Don’t click on anything or respond to it.
• You could be saving someone else from making a mistake, too.
• Remember, when it comes to phishing emails, it’s better to be safe than sorry.

Was This Helpful?

We hope this information was helpful. If it was, be sure to share it with others. We’ve even turned these tips into an easy-to-share infographic for your convenience! Be sure to save it for reference and send to your employees, colleagues, and friends. By spreading awareness, we can all help each other stay safe online. For more information about how to protect yourself from cybercrime, check out our other blog posts.