14 June, 2021

How to spot a phishing scam

Gone are the days of deposed Nigerian princes offering to send you their fortunes. Today, hackers are incredibly sophisticated, fooling even the most tech-savvy among us. From emails asking you to reset your password from seemingly legitimate websites to your boss supposedly asking you to download a file she sent, phishing scams are becoming increasingly complex and nearly indistinguishable from legitimate emails. So, how can you prevent yourself from falling victim to data loss or having your personal information stolen? Most scams have subtle hints that help to identify suspicious requests. We’ve laid out the five most common tells for how to spot a phishing email.

1. Check the domain name of the sender

The first and easiest way to tell whether the email you just received is a phishing scam is to take a look at the sender’s address. If you just received an email from “Netflix” asking you to click a link to reset your password, but the email is from netflix@gmail.com, you know you’re being duped. No legitimate organization will send something from an @gmail.com or an @hotmail.com account. Be wary of domains that look similar to the company the hacker is posing as. For example, a hacker might use security@netflixhelp.com or something similar to try and confuse users. You should only trust an email if it comes from the exact domain of the organization (in this case, @netflix.com).

Pro Tip- open up the website of the organization the email claims to be from and compare domain names. Be wary of common misspellings or shortened names (e.g., Netflicks, Googlemail, Bankofamericans)!

2. Check the email text for misspelled words and poor grammar

When hackers deploy their scam, they’re not hoping to fool a large percentage of people. They cast a wide net in the hope that even just a few will fall victim to their scam. Because of this method of attack, hackers are often not very concerned with spelling or grammar. Pay attention to the content of the email and check for frequent misspellings or sentences that don’t quite make sense. No legitimate organization will send out an email with multiple typos or poor grammar.

Pro Tip- check for grammar issues rather than typos – scammers will often run their text through a spell checker but are often unaware of more significant grammatical errors.

3. Look for suspicious attachments or links

Unless you’re anticipating a file, never download anything attached to an email. Hackers often disguise malware as legitimate files. Once downloaded, these files not only threaten your data but the data of anyone on your network. The same goes for suspicious links. Always check the URL before clicking the link. Legitimate links will be hosted on the domain name of the company sending the email.

Pro Tip- on a mobile device and unsure how to see the link before clicking? Hold down your finger on the link until the destination pops up to see the URL before you visit.
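Tells 1 and 3 boil down to the same check: does the sender’s domain, and the host of every link, match the organization’s real domain exactly? The checker below is an added example (not code from the original post); it assumes a constructed From: header and list of URLs and uses the same Netflix-style addresses the article mentions.

```python
# Added example: classify a sender domain or link host against the
# organization's real domain, the way tells 1 and 3 advise.
from email.utils import parseaddr
from urllib.parse import urlsplit
import difflib

# Free webmail providers that no legitimate organization sends from.
FREEMAIL = {"gmail.com", "hotmail.com", "yahoo.com", "outlook.com"}


def sender_domain(from_header: str) -> str:
    """Return the lowercase domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def check_domain(domain: str, expected: str) -> str:
    """Return 'ok', 'freemail', 'lookalike' or 'unrelated' for a domain."""
    domain, expected = domain.lower(), expected.lower()
    # Exact domain or a real subdomain of it (mail.netflix.com) is fine.
    if domain == expected or domain.endswith("." + expected):
        return "ok"
    if domain in FREEMAIL:
        return "freemail"
    brand = expected.split(".")[0]
    # Brand name embedded in another domain: netflixhelp.com, googlemail.com
    if brand in domain:
        return "lookalike"
    # Close misspelling of the brand: netflicks.com (ratio threshold is a
    # constructed heuristic, not a standard value).
    label = domain.split(".")[0]
    if difflib.SequenceMatcher(None, brand, label).ratio() >= 0.7:
        return "lookalike"
    return "unrelated"


def check_email(from_header: str, urls: list, expected: str) -> dict:
    """Run the sender check and the link-host check over one email."""
    links = {u: check_domain(urlsplit(u).hostname or "", expected) for u in urls}
    return {"sender": check_domain(sender_domain(from_header), expected),
            "links": links}


if __name__ == "__main__":
    # Constructed sample mirroring the article's Netflix scenario.
    print(check_email('"Netflix" <netflix@gmail.com>',
                      ["https://netflixhelp.com/reset",
                       "https://www.netflix.com/account"],
                      "netflix.com"))
```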

4. Check for urgent requests or negative consequences

Phishing scams rely on users not taking the time to validate the legitimacy of the requests they receive. The more time a user has to start picking apart the holes in the scam, the less likely hackers will be successful in their attempt. That’s why most phishing scams will contain messaging like “Act now before we cancel your account” or “Time is running out, claim your offer now!” Not only do phishing scams push a sense of urgency on people, but they also threaten negative consequences if no action is taken. This is a clear sign that there is something suspicious with the email you just got. Legitimate organizations will give you time to reset a forgotten password or verify your personal information.

5. Check for generic salutations

When you sign up for a streaming service, online banking, or a newsletter, that organization usually has at least your first name and will use this in their communications with you. Be wary of emails that start with generic introductions such as “Dear valued member” or “Dear customer.” Even if your email address contains your first or last name, hackers are sending these scams out to hundreds, if not thousands, of people at a time and won’t take the time to include your name. Remember, hackers usually cast a wide net to try and catch just a few users, not spending inordinate amounts of time on one user in particular.

Final advice

An email containing one of the above doesn’t automatically mean it’s a phishing scam. But by paying attention to these common signs, you can train yourself to spot suspicious emails more quickly. When in doubt, call the organization (from a number on their actual website, not one in the suspicious email!). A quick call to your local bank asking if the email you just received from them is legitimate can save you time, money, and loss of data. You can never be too safe! Keeping yourself safe is just one part of the solution! Check out our article on how to prevent phishing on an organizational level to take it further.


Want to step up your cybersecurity and protect your data? Invest in a cybersecurity audit from Tech Superpowers! We’ll analyze your organization’s security protocols and current systems, giving you concrete and easy-to-understand steps to improve your defenses. Contact us to get started or if you have any questions!
