Five Ways to Spot a Phish

What’s Phishing, anyway?

Phishing is a type of online attack in which the victim is sent emails that appear to be from an authentic source. The victim is usually asked for personal information, passwords, or money.

Phishing is one of the most common online threats. Here are five ways to spot phishing attacks:


  • The email asks you to confirm personal information

    Always be suspicious of emails requesting you to confirm personal information that you would never usually provide, such as banking details or login credentials. Do not reply or click any links and if you think there’s a possibility that the email is genuine, you should search online and contact the organization directly  – do not use any communication method provided in the email!

  • The web and email addresses do not look genuine

    Many times, a lot of work is put into the email to make it look convincing. Often, a phishing email will come from an address that appears to be genuine. A quick glance at these details might make them seem legitimate, but take a moment to scrutinize it and you might see[@]fakemail[.]com

    Malicious links can also be concealed within the body of email text, often alongside genuine ones.  Before clicking on links, hover over and inspect each one first.

  • It’s poorly written

    Read the email and check for spelling and grammatical mistakes, as well as strange turns of phrase. Emails from legitimate companies will have been constructed by professional writers and exhaustively checked for errors. If you have received an unexpected email from a company, and it is riddled with mistakes, this can be a strong indicator it is actually a phish.

  • There’s a suspicious attachment

    Did you receive an email from someone you do business with that includes an unexpected invoice, or attachment? The attachment could contain a suspicious URL or malicious program, leading to the installation of a virus or malware on your PC or network. Even if you think an attachment is genuine, it’s good practice to always scan it first using antivirus software.

  • The message is designed to make you panic

    How would you feel being billed for something you never ordered? Or learning your account has been compromised? What if someone threatened to delete your account if you don’t verify your login credentials? Or what appears to be your supervisor emailing you to make a purchase for them right away?

    When you receive an email like this, take some time to consider the information. Contact the sender through another method and verify the message’s authenticity before responding.

When in doubt, throw it out! Links in emails, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.