What is a Phishing Email?

And how to spot common red flags in phishing emails...


As the least tech-savvy hacking technique, phishing is also the most popular way to get yourself hacked. It involves someone sending you a fake email or text (or even calling you) to ask for your credentials (username and password) for your online banking account or something similar.

Once an attacker has duped you and has stolen your information or gained access to your device, they can log in to your accounts, change the password, and potentially access other linked accounts.

Phishing is a real problem, with an Avast survey showing that 61% of Americans are at risk of falling victim to phishing scams.

Luckily, there are some red flags you should know about in order to catch a phishing email before it can do any damage to you. That’s what this article is all about…

1. The email was unsolicited

Generally speaking, companies don’t send unsolicited emails. So the first thing you should ask yourself is whether this email comes from a company you know and/or have done business with in the past. If it’s an unknown entity, just delete the email without even looking at it. It’s spam, so treat it as such.

2. Attention-seeking subject line

Words like “Urgent” and “Important” in the subject line raise a red flag. No bank or any other financial institution has ever sent such an email. These companies are all about security and stability, so even if/when they get hacked – they wouldn’t be spreading panic around. That’s not good for their business.

On the other hand, by using such “shouty” headlines, an attacker tries to get your attention so that you open the email and then click on a provided link.

3. Misspelled email addresses and domains

It has been found that scammers often use an email address that looks very close to a legitimate one. The email address could be “info@somebamk.com” instead of “info@somebank.com” with just a single letter being changed.

What scammers want to show is that the email is coming from the real company (SomeBank) but the domain isn’t right. How can that be? It can – if it’s a scam. So pay attention to spelling as it can be vital.

4. Other spelling and grammar mistakes

Beyond email addresses and domain names, scam emails also often have spelling and grammar mistakes in the message body. Unlike banks, which triple-check every email they send to customers, scammers don’t have those resources and procedures. As a result, we often get emails with some wildly misspelled words.

I remember getting this email: “Your account password expires in 24 hours.”

Wait, what? Shouldn’t “is” be replaced with “will”? It is these kinds of small mistakes that are left unchecked by scammers.

5. Unfamiliar and vague greetings

Your bank has your personal information and in most cases will personalize emails for you, sending you an email that starts with “Dear Dusan” or whatever your first name is.

In contrast, a scammer will send you an email that starts with words like “Dear Company customer”. Because they may not have your first name, scammers opt for generic and vague greetings. And that right there is a red flag.

6. Suspicious links

Say you opened an email without recognizing it as a scam from the subject line. Now you should read it and look for links. Check where they lead. Do they land on real sites, or is the domain name once again misspelled?

Again, is your action needed “urgently”? In most cases, it isn’t. And if you have any doubts, you’re better off calling your bank instead of clicking.
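Red flags 3 and 6 can be checked mechanically. The following is an added example, not part of the original article: it compares the sender's domain and every link's host against a list of domains you actually use and flags near-misses such as “somebamk.com”. The trusted list, the sample message, the function names and the "last two labels" shortcut for finding the base domain are all assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains the reader really does business with.
TRUSTED_DOMAINS = {"somebank.com"}
# Constructed sample message, modelled on the article's SomeBank example.
SAMPLE_FROM = "SomeBank <info@somebamk.com>"
SAMPLE_BODY = (
    "Dear Company customer, confirm at https://login.somebamk.com/verify "
    "or read more at https://www.somebank.com/help"
)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    domain = domain.lower().rstrip(".")
    if any(domain == good or domain.endswith("." + good) for good in trusted):
        return "trusted"
    # Simplification: treat the last two labels as the base domain
    # (a real checker would use the public suffix list).
    base = ".".join(domain.split(".")[-2:])
    if any(edit_distance(base, good) <= max_distance for good in trusted):
        return "lookalike"
    return "unknown"

def check_email(from_header, body):
    """List (where, domain, verdict) for every sender/link domain not trusted."""
    domains = [("sender", parseaddr(from_header)[1].rpartition("@")[2])]
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        domains.append(("link", urlparse(url).hostname or ""))
    checked = [(where, d, classify_domain(d)) for where, d in domains]
    return [f for f in checked if f[2] != "trusted"]

if __name__ == "__main__":
    for finding in check_email(SAMPLE_FROM, SAMPLE_BODY):
        print(finding)
```

A "lookalike" verdict is the stronger warning: an unknown domain may simply be a company you have never dealt with, while a one-letter variation of your bank's domain is unlikely to be an accident.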

7. Attachments

Except if we’re talking about a monthly statement, your bank seldom sends you attachments. And when they do, they send a PDF file — rather than a Word or a ZIP file.

We don’t advise opening anything except PDFs and perhaps images; for everything else, it’s safer to call your bank and ask them about that attachment. Chances are it was a scammer and not your bank.

Keep an eye out for everything that looks odd

As we’ve noted above, banks and other financial institutions have entire departments responsible for their communication with clients to make sure everything works like a charm. So if you notice something weird in an email, that’s a red flag. You will want to contact your bank and inquire about it. Perhaps they did make a typo but perhaps someone wants to trick you into giving them your financial information.

In summary, we’ll add that a single red flag is all it takes. It’s your account, so keep it safe.