Do you recognize phishing emails when they come in? Some will make it past your email’s spam detector, so you need to know how to recognize a phishing scam email.
Phishing scams generally pretend to come from someone you’d trust. They may impersonate a large company like Microsoft or Google, an official body like the IRS, or a smaller, vaguer entity like the “webmail” in this example. A lot of people do use webmail, so it’s a safe bet that if they send out enough emails, someone will click on the links.
How do we know this is a phishing email?
- Look at the sender’s name and address.
This email says it is from “redearthdesign.com Administrator”, which is vague. The email address is “email@example.com”, which doesn’t match up to anything in the sender’s name, and doesn’t make sense.
The “webmail” reference and “We Have Updated Webmail” are both vague as well.
Note the misspelling of “losing,” which is typed as “loosing.” An official company should use proper spelling and grammar.
- Threat or sense of urgency.
The sense of urgency is downplayed a bit in this email, without words like “now” or “immediately,” but the threat is still present. The sender claims your email won’t work properly and you may lose “data” or “settings” if you don’t update. In this case, the threat shows up as caring advice, as they encourage you to “kindly” click below without the urgency typical of most phishing emails.
- Logos in the footer.
In the email footer, the logos give the impression of respectability and trustworthiness. But cPanel is software, and wouldn’t normally be sending you emails. Why would “Webmail” have a Facebook or Twitter page?
- Mouse over the links.
If you’re not sure about those links, use your mouse and hover over them. You can see here that the cPanel link has nothing to do with cPanel at all. The Facebook link goes to Google.com, and the Twitter icon isn’t even a link at all.
On mobile devices, you may be able to hold your finger down on the link to view it before accessing it. (Test this on your device on a known, safe link before testing it on a suspected phishing link!)
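The sender check and the hover check can also be run on a saved copy of the message. This is an added example, not part of the original article; the `BRANDS` map, the function names and the sample hosts are assumptions made for the illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand-to-domain map for this demo; extend it for the brands you deal with.
BRANDS = {"cpanel": "cpanel.net", "facebook": "facebook.com", "twitter": "twitter.com"}

class LinkCollector(HTMLParser):
    """Collect (visible label, href) for every <a> element, using alt text for logos."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
        elif tag == "img" and self._href is not None:
            self._text.append(dict(attrs).get("alt") or "")
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join(self._text).strip(), self._href))
            self._href = None

def host_matches(host, domain):
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def check_links(html):
    """Warn about each link whose label names a brand but whose target is elsewhere."""
    parser = LinkCollector()
    parser.feed(html)
    return [f"'{text}' link goes to {urlparse(href).hostname}, expected {domain}"
            for text, href in parser.links
            for brand, domain in BRANDS.items()
            if brand in text.lower() and not host_matches(urlparse(href).hostname, domain)]

def check_sender(from_header):
    """Warn when the display name mentions a domain that is not the address domain."""
    name, addr = parseaddr(from_header)
    addr_domain = addr.rpartition("@")[2].lower()
    named = re.findall(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", name.lower())
    return [f"name says {d}, address is at {addr_domain}" for d in named if not host_matches(addr_domain, d)]

# Constructed sample modelled on the email described above; the cPanel target is a placeholder.
SAMPLE_FROM = '"redearthdesign.com Administrator" <email@example.com>'
SAMPLE_HTML = ('<a href="http://portal.example.net/update">cPanel</a>'
               '<a href="https://www.google.com/"><img alt="Facebook" src="fb.png"></a>')
```

An empty result only means these two checks found nothing; it does not show the message is legitimate.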
Would you have picked up on this phishing scam before clicking? Check out our phishing scam red flags post for more signs of a phishing email.
This article provides more information about how to tell if links in an email are legitimate or not.
If you’re not sure about an email you’ve received, try these steps to confirm whether it is real:
- Google terms from the email to see if other people have received similar emails, and whether they are scams.
- Mouse over the links to see where they go and whether they match up to where they say they go.
- Instead of clicking on a link from an email, type the web address of the company in your browser directly and log into your account that way. In this email, there is no real company named – all the more reason to NOT click on a link from the email!
- Ask your web-savvy friends. You may have friends who can help you spot the red flags. Ask them.
- Contact your trusted web developer and ask his or her opinion.