Recognizing a Phishing Email

Remember the ‘good old days’ of email (like 12-15 years ago), when the most menacing thing we had to worry about was too much advertising spam? We still have advertising spam by the virtual truckload, but today we have yet another thing to add to our email worries: phishing attempts. A phishing email is a cleverly disguised message, made to look like it came from a trustworthy source, designed to steal your sensitive information or, worse, simply convince you to (naively) give it away.

Phishing emails try to get you to do one of two things: first, to simply hand over sensitive information, and second, to download malware, which more often than not contains ransomware. Ransomware is very, very bad. It will literally take ALL THE DATA on your PC (or server) and encrypt (lock) it so as to make it unusable to you. To get the “key” and decrypt the data back to normal, you must pay a ransom. Usually this ransom payment is around $500 and must be paid in Bitcoin or other non-traceable methods.

So, how can you tell a clean and legitimate email from one that is malicious and harmful? Here are just a few of the many ways to spot a phishing email.
1. If an email is asking you to change passwords, look first at the “From” portion of the email. Be sure it came from your IT department, bank or other institution where you have a valid login account.
2. If an email is asking that you log into a web site, be wary. For example, YOURBANK wants you to log in and verify information. The email looks exactly like an email from YOURBANK. To be sure, “mouse over” the link. This means DO NOT CLICK THE LINK but put your mouse on the link. Now look at the lower left of your screen. That area will show you the web site the link will take you to, regardless of the name of the link. If it’s not YOURBANK.COM, it’s better left alone!
   a. More information on “mouse over” can be found at the XLN web site;
3. Check the email address of the “From” field. You may be expecting an email from but the field may say or something other than the email address you know it should come from.
4. If there are multiple spelling or grammatical errors, chances are it’s a phishing email.
5. Be wary of emails that urge you to act immediately: “Urgent Action Required” or “Act now or your Account will be closed”. Again, chances are it’s a phishing email.
6. The IRS or Law Enforcement will NEVER email you for information or ask that you call them. The IRS will ONLY send letters in the mail.
If you encounter such an email, DELETE it!!!  Then notify someone in authority so that others can be warned.  When told to do so by your IT department, “Empty the Wastebasket” as well as your Trash and Junk folders.
Now you’re free to move on to the next email advertisement, I mean, business email.
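
For IT staff who want to apply checks 1, 2, 3 and 5 automatically, here is an added example in Python (not part of the original post). The function names, the use of `yourbank.com` as the expected domain, the single-part HTML message format and the sample message are all assumptions made for illustration. Note that the sender and link in the constructed sample start with "yourbank.com" but actually belong to a different domain, which is exactly what the “mouse over” check catches.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Pressure phrases quoted in check 5 of the article.
URGENT = re.compile(r"urgent action|act now|account will be closed", re.I)

class LinkCollector(HTMLParser):
    """Record the real destination (href) of every link, i.e. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def same_site(host, expected):
    """True if host is the expected domain or one of its subdomains."""
    host, expected = host.lower(), expected.lower()
    return host == expected or host.endswith("." + expected)

def check_email(raw, expected_domain):
    """Return the list of article checks that the raw message fails."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    if not same_site(addr.rpartition("@")[2], expected_domain):
        findings.append("from-domain-mismatch")      # checks 1 and 3
    if URGENT.search(msg.get("Subject", "")):
        findings.append("urgent-language")           # check 5
    collector = LinkCollector()
    collector.feed(msg.get_payload())                # assumes a single-part HTML body
    for href in collector.hrefs:
        host = urlparse(href).hostname or ""
        if host and not same_site(host, expected_domain):
            findings.append("link-target-mismatch")  # check 2
    return findings

# Constructed sample: the link text names the bank, the href does not.
PHISH = (
    'From: "YOURBANK Support" <support@yourbank.com.alerts.example>\n'
    "Subject: Urgent Action Required\n"
    "Content-Type: text/html\n\n"
    '<a href="http://login.alerts.example/verify">https://www.yourbank.com</a>\n'
)
if __name__ == "__main__":
    print(check_email(PHISH, "yourbank.com"))
```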

