How to Spot Phishing Emails

Secure Cloud
“Phishing” is the process through which criminals attempt to steal you from you by getting you to respond to an email that appears to be legitimate.  Here is what to look for to avoid the trap.

URL Mismatch: Hover the mouse over any URLs in the email message and see if the destination URL matches what is in the message.  If not, you have a mismatch and you won’t land where you expect.

Misleading Domain Name:  If the link has an awkward domain name that does not end in a domain you know and trust, be afraid.  Scam artists will use domains like, hoping you think the link is related to Apple.

Poor Spelling or Grammar:  Companies that send emails to customers proofread them for proper English.  While mistakes happen, if the message reads “we please to lower your car payment”, it is likely trash.

Asks for Personal Information:  If any message — from your bank or your best friend — is asking for personal information like account numbers, credit card numbers, or the answers to your security questions, you are being phished.  Banks and companies you deal with already have this information, there is no need to ask.

Seems Too Good to Be True:  If it seems to good to be true, it probably is.  Enough said.

You Did Not Initiate the Action:  If the email tells you won a contest that you did not enter, or is responding to a call that you did not make, hit the delete button.  Most of these scams will ask for money to pay for award fees or taxes on a prize you did not win.

Wild Threats:  Banks, and even companies trying to collect past due accounts, will not make threats with unrealistic or wild consequences if you do not respond in a certain way. Legitimate collection notices will ask for payment or for you to contact them, they will not ask for account or personal information and threaten to seize assets or contact the police if you fail to respond to the email.  Legitimate companies will also provide a means to call.

Email from The Government:  In the US, the IRS, FBI, and other agencies do not initiate communications via email, they will send you a letter (or a subpoena if it’s really serious).  Be extra suspicious if the message contains a threat or dire consequence.

Not Quite Right:  If the message does not look right — if your gut is suspicious — you are probably right.  Delete the message.