How to spot a phishing email

Phishing, derived from the English word fishing, is a form of electronic identity theft, in which a combination of social engineering and website spoofing techniques are used to trick a user into revealing sensitive personal information such as passwords, payment card details and ID numbers. The perpetrator of a phishing attack often pretends to be a trustworthy person like a legitimate client or an individual from a well-known banking institution.

E-mail phishing is one of the most commonly used attack methods and it is important to identify such e-mails to remain safe. Below are some tips on how to identify a phishing e-mail:

1. Where is the e-mail coming from?

Always look carefully at the e-mail sender address to confirm the true sender by hovering your mouse over the “from” e-mail address.

2. Don’t just click!

Phishing e-mails sometimes come with URL links that lead you to malicious pages. These pages often ask for personal information or download malware used to gain access to your computer. Place your mouse on the URL link to reveal the true address before clicking on it.

3. Be very careful with attachments

Be careful when you receive unsolicited attachments to e-mails. Check the file extensions and never open high-risk attachments like .exe, .zip and .src files. The attachments usually have catchy titles or very long names and are often disguised as common files such as Microsoft Excel.

4. Check the e-mail signature

Reputable companies often include a signature with sender information and additional company information for business communication. E-mails that do not have signatures can be a phishing attempt.

5. Spelling errors

The easiest way to pick out a phishing e-mail is spelling and grammatical errors – most legitimate organisations invest time in checking spelling and grammatical errors before sending e-mails.

6. Consider the salutation

Generic e-mail salutations like “dear account holder”, “dear customer” are typically used in phishing e-mails. Sometimes these phishing e-mails do not have a salutation at all.

7. Is the e-mail asking for personal information?

If you receive an unsolicited e-mail from any institution asking for your personal details, run! It is highly unlikely that your bank will ask for your account details, personal information or request to reset your password over e-mail. It’s a scam!

8. Beware of urgency

E-mails that require you to take urgent action, like making a payment urgently, should be treated suspiciously even if they look legit. Even if the email looks legit, it is best to verify this by verbally speaking to the sender to confirm urgency.

Whilst this article highlights the most common e-mail phishing techniques it is not exhaustive. Hackers are always coming up with new attack techniques so be on the lookout for suspicious e-mails. A good rule of thumb is: if you are not sure about a link in an e-mail, don’t click on it. In addition, when you identify a phishing e-mail delete it or reach out to your IT team for help.