Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking users to provide sensitive information. If deceived, you could end up granting the attacker access to all sorts of valuable data. The good news is you can often spot an attack. It can be tricky though, so here are things to be on the look out for:


THE DISPLAYED NAME IN THE EMAIL. A name displayed in the “from” box does not guarantee that this is the sender. Take a look at the actual email address it was sent from.

SUSPICIOUS LINKS. If you hover over a link you should be able to see where it is sending you. You should be able to identify it as having the correct root URL of the organization that is emailing you (look carefully!). In most cases, a link URL should match the sender URL. If things don’t line up, be careful. If you click and it directs you to a website asking for a login, don’t proceed.

SPELLING OR GRAMMAR MISTAKES. If it doesn’t look right or sound right, it probably isn’t. This includes odd salutations, a different style of communication than you are familiar with from a sender, or poorly worded phrases.

REQUEST FOR SENSITIVE INFORMATION. If asked for sensitive information like banking information, pick up the phone and call a known number to verify the request.

IMPLIED URGENCY. If someone is making a time sensitive threat such as stopping service or demanding immediate payment, pause before reacting. Stop and think, and verify the information over the phone.

IMAGES THAT AREN’T QUITE RIGHT. If the images or layout of an email seems a bit off, it’s likely an attempt to fool you.

SUSPICIOUS DOMAINS. Many malicious emails use a domain that is close to the legitimate one, but not exactly the same. For instance, you might see instead of The differences can be subtle (a zero instead of an “o”) so it’s essential to look closely.

NON-STANDARD ATTACHMENTS. If the attached file is not one you recognize (like .doc for a word file, .xls for an excel file, or .pdf for a PDF file) be extremely suspicious.