How good are you at recognizing phishing scam emails? Practice makes perfect. Take a look at this email we received, and see if you can spot the tell-tale signs that it's a phishing email.
How many red flags do you see in this email?
We see eleven red flags in this short email.
- Unsolicited email.
The email is unsolicited. We were not expecting an email from this sender.
- Unusual sender.
The email comes from an unusual address. The sender's name says "redearthdesign.com" - not in itself an email address - and the address shown is - nothing to do with redearthdesign.com.
- Unusual punctuation.
The greeting is missing punctuation.
- Unusual capitalization.
The email includes unusual capitalization in the word "E-Mail."
- Grammatical errors.
The email includes a grammatical error: "your email... have reached."
- Implied threat.
The email contains a threat: most of your incoming email will be placed on hold. Therefore, it won't be accessible to you until you do something about this situation. You may feel concerned that you won't be able to access your emails. But take a closer look at the logic: Most? Why not all? If your email account were actually at its quota, ALL incoming emails would bounce back to the sender. So this threat doesn't even make sense.
- Sense of urgency.
There is a sense of urgency implied: you are "required" to run a verification "now" to fix the situation.
- Email asks you to click on a link.
There is a link. A link in an unsolicited email should always be treated as highly suspicious. The first thing to do is mouse over the link to see the actual website it is sending you to. In this case, it is sending the user to peplus.hr, which is not a website we are familiar with and has nothing to do with any mail service we know. If you still aren't sure after mousing over the link whether it is legitimate or not, and the email purports to be from a known service like your bank or credit card company, the best thing to do is go to the website through your web browser, log into your account that way, and look for alerts in your account, rather than clicking on a link in an email.
- Illogical text and context.
"No further action is required" - how is this possible, since they just told us we were "required" to click the link and "run a quick verification"? Some action is required, right?
- Unusual signature.
The email is sent from a vague or ambiguous sender: "redearthdesign.com Administrator." Who is this? In this case, we are the only "administrators" of our account, and clearly none of us on the team sent this email.
- No way to verify content independently.
The email signature does not contain any way to contact this person or service, via a website, email, or phone number. Neither the sender email nor the button link corresponds to any known service. If the email signature did contain a website or phone number, you could go to the website independently to verify the veracity of the information. However, if the website mentioned is not one you're aware of having any accounts with, we recommend you just skip it and delete the email after marking it as spam.
It's clear from the warning signs above that this is a phishing email. Do not click on emails like this. Mark them as spam and put them in the trash.
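The "unusual sender" and "mouse over the link" checks above can also be automated in a mail filter. The following is an added example, not part of the original post: the sample message is constructed, the sender address and link path are placeholders, and the function names and flag strings are hypothetical.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: sender address and link path are placeholders.
SAMPLE = """\
From: "redearthdesign.com" <notice@mailer.example>
Subject: E-Mail quota reached
Content-Type: text/html; charset="utf-8"

<p><a href="http://peplus.hr/placeholder">Run verification now</a></p>
"""

class LinkHosts(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlsplit(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.append(host.lower())

def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def red_flags(raw, our_domain):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2].lower()
    flags = []
    # Display name poses as our domain while the real address is elsewhere.
    if our_domain in name.lower() and not same_site(sender_domain, our_domain):
        flags.append("display-name-mismatch")
    # Links that lead to neither our domain nor the sender's own domain.
    body = msg.get_body(preferencelist=("html",))
    parser = LinkHosts()
    parser.feed(body.get_content() if body else "")
    for host in parser.hosts:
        if not same_site(host, our_domain) and not same_site(host, sender_domain):
            flags.append("link-host-mismatch:" + host)
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE, "redearthdesign.com"))
```

A check like this only covers two of the eleven signs; the wording, urgency and logic cues still need a human reader.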
Do you see any red flags we missed in this email? What other signs have you seen in other emails that have alerted you to scams? Let us know in the comments. Want to try another? Check out Google's phishing quiz.