How to Identify a Phishing or Spoofing Email

Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. It’s estimated that nearly half of all email threats spoofed a brand in the display name. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name! Check the email address in the header From: – if it looks suspicious, don’t open the email.

Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address, including the domain name. Keep in mind that just because the sender’s email address looks legitimate (e.g, it may not be. A familiar name in your inbox isn’t always who you think it is!

Don’t click on attachments!
Sending malicious attachments that contain viruses and malware is one of the most common phishing tactics (PDF, Word, Excel files). Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it.

Don’t give up personal information
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

Check for spelling mistakes
Businesses are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Analyze the salutation
Is the email addressed vaguely – “Valued Customer”? If so, watch out—legitimate businesses will often use a personal salutation with your first and last name. Not a fool proof rule of thumb though.

Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has a convincing brand logo, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, do not open!

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Flush DNS Cache

Windows operating systems To clear DNS cache on Microsoft Windows, follow these steps: Open a...

How to run a traceroute on Windows XP/Vista/7/8 and MacOS

Running a Traceroute on Windows :1. Go to Start and choose "Run" (start button on the lower left...

How to modify hosts file on windows and linux ?

Below is how to locate and edit the hosts file on several OS platforms. Once the proper domain...

How to setup Chrome Remote Desktop

Step 1 Open Chrome Browser and Sign into Google Account. You need to be logged in to initiate or...

How to modify your hosts file on a mac ?

STEP 1Open the Mac's Terminal. You may either type Terminal on the Spotlight, or by going into...