Identifying Phishing Email Scams: What to Look For

May. 20, 2020

1:00-2:00AM PST

Whether you have opened them or not, you have probably received at least a few emails that seem to be from your bank, the IRS, or another organization that has important information about you. They may claim your account has been blocked, or something needs to be updated because of a change to their policy. The email usually has a link to click to correct the error they are claiming exists or to verify your identity, and from there, they want you to provide personal information like your Social Security number or a certain password. These emails are phishing scams.

These emails are created by hackers and the links in them will lead you to fake websites — that usually look close to the real thing — in an attempt to steal your information. Just by clicking the link, you may be putting your information in danger; the links often bring viruses with them and can also put malware and spyware on your computer. Hackers have been working on their techniques for years to prey on unsuspecting victims to steal their identity and bank information. Unfortunately, this can sometimes make these emails difficult to recognize right away. 

Recognizing Phishing Attempts

While it can sometimes be difficult to tell at a glance if something is a phishing email, there are a few telltale signs that an email is a phishing scam. Here are a few things to look for when you receive a questionable email.

The “From” Address

One sign that an official-looking email is phishing is the email address it came from. If you look closely at the email address, it usually has a Gmail or Yahoo ending, or a similar one using like-letters. For example, a phishing email that claims to be from US Bank might have email@vsbank.com. Notice the "U" is actually a "V." This is a little trick of the eye that a scammer will use to make it seem like a legitimate email. If you ever think an email address is questionable, do not follow the link. You can always call the organization the email claims to be from to check if the email is indeed legitimate.

Urgent Call to Action

A scammer may try to use an urgent call to action to scare you into clicking on the link in the email without thinking. These types of messages may:

  • "Say they’ve noticed some suspicious activity or log-in attempts”
  • "Claim there’s a problem with your account or your payment information”
  • "Say you must confirm some personal information”
  • "Include a fake invoice”
  • "Want you to click on a link to make a payment”
  • "Say you’re eligible to register for a government refund”
  • "Offer a coupon for free stuff"
  • Claim an account will be closed if you do not act now

Generic Greetings

Phishing emails are usually generic because they are created to be sent out to hundreds, if not thousands of people all in a single batch. They also typically do not have your name, just your email address, so they cannot personalize an email like the real organization would do.

Emails that start with "dear customer/member" and things along those lines may be a phishing attempt. Most businesses these days will address you by name if they have your name.

Poor Spelling and Grammar

Businesses usually have decent spelling and grammar in their emails to customers, because it is professional, and if something is filled with poor spelling and grammar, it is hard to read, and you will probably not read them. A phishing email is usually full of spelling and grammatical mistakes, making this a potential sign that the email you are looking at is a scam.

Inspect the Link

When you hold your mouse over a link in an email, the full link will be displayed in the bottom left corner of your screen. If you are on your phone, you can press and hold your finger down, after a few seconds a box should pop up in the middle of your screen that displays the full link. Here is where it gets tricky; just like when they make the return email appear to be real by using slight spelling tricks, they can deploy that strategy here too, using phony websites that look like the real URL.

To use our US Bank example again, you may see the link displayed as “uvbank.com,” “usbnk.com,” or “usbnak.com.” The letters have been changed, removed, or transposed in these three examples. If you were to quickly glance at the link without scrutinizing it, you might not realize the mistake.

The Promise of Money

There are a few variations on this type of scam email. This may be the longest-running type of internet scam out there because it works. In 2018, Americans lost over $700,000 to this type of scam, according to a report from ADT.

You receive a random email that tells you a sad tale about this person who has a large sum of money and for just a small payment from you, they can access it and will share it with you. If you pay it, they may invent further fees they need help to get to the money, but they promise they will pay as soon as possible. These people will take as much money from you as possible then vanish forever.

Another version asks for your bank account information to transfer their large sum of money to you to keep safe on their behalf; victims of this scam often end up with empty bank accounts.

Yet another version is some distant relative you have never heard of has died and left you a considerable amount of money. The person sending the email needs something from you before they can send you your inheritance.

What to do if You Get Scammed

If you think you may have fallen victim to a scam, there are a few things you can do:

  • Run a virus scan on the computer you opened the email from.
  • Change your passwords on a different device than the one you opened the email from.
  • Contact your bank.
  • Report the scam to the FTC.

Tips to Protect Yourself

To help avoid falling prey to email scams, do not click on any links that may be suspicious or download attachments in emails. Take a moment to scrutinize any email you get that may seem suspicious, following our criteria above.

You should feel safe when you check your email, and one way to do that is to contact an email encryption company to give you an extra layer of protection.

Try Trustifi Today

EMAIL SECURITY PLATFORMS
FOR BUSINESS

See if Trustifi Is Right for Your Organization