What To Look Out for in Phishing Emails
Phishing emails try to trick recipients into revealing credentials, installing malware, or transferring money. Attackers use urgency, impersonation, and fake links. Train yourself to pause, inspect, and verify before clicking or replying.
Red Flags to Look for in Phishing Emails
Sender & Identity
Display Name VS. Real Address: An email might be from IT-ServiceDesk <servicedesk@actiontarget.com> -- ensure to hover or view the full address to ensure it is a legitimate email.
Spoofed Domains: If you are skeptical of an email, ensure to check the email address and make sure it is the correct email address.
Ex) account-security@amaz0n.com VS. account-security@amazon.com The first email address has a '0' instead of an 'o'. This is a solid way of determining if you are experiencing a phishing attack. If you are still uncertain, reach out to the IT department for help.
Reply-to is Different: The sender could be bob@actiontarget.com but the reply-to is timmy@gmail.com.
Links & URLs
Hover before clicking: Hover over a link to preview the destination. If the visible text says company.com/login but hovering shows http://bad-site.com/XYZ, it is phishing.
When hovering over the link, you will see the destination in the bottom left-hand corner of the screen.
Shortened or obfuscated links: Bit.ly links or long, token-filled URLs -- Treat these with caution!
A token filled URL will have a long, random string of characters that are often after a ? or #. Ex of a ? token) https://microsoft.com.verify-login.info/?id=U29tZVRva2VuVmFsdWU9MTIzNDU= Ex of a # token) https://paypal.com.security-check.io/#token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
Mismatch Example: Link text will say "Secure your account" ---> Hovering shows http://212.16.152.5/verify
Attachments & File Types
Visual & Language Cues