Spotting a Phishing Email

Javi Fondevila

One day you are sitting at your computer when all of a sudden, an email drops into your inbox. It’s from PayPal and the email states that your account has been locked due to unauthorized use—somebody has tried to guess your password one too many times.

To re-enable your PayPal account and get back in, you need to click the link that PayPal has sent in the email in order to change your password.

Stop right there!

This is a Classic Phishing Email

The email you have received isn’t actually from PayPal; it is a phishing email sent to steal your password and/or scam you.

Despite the email looking legit—no grammar faults, proper branding, and seemingly sent from a real @paypal.com email address—it is not. The email is simply a very well-made phishing email and the information in it is false. Your account has not been locked and you do not need to change your password.

This is just one example of many. Thousands of phishing emails, all differing in substance and complexity, are sent to thousands of people throughout the world each day. Many of these people will fall victim to the scams they contain and have their identities stolen, accounts hijacked, and bank accounts emptied, among other nasty things.

How to Spot a Phishing Email

For most seasoned internet users, spotting a phishing email isn’t difficult. Most of the time they end up in the spam filter, anyway.

However, studies have suggested that as many as 80 percent of internet users would find it difficult to identify a phishing email, particularly a well-made one, and tell it apart from a legitimate email.

It isn’t just novice internet users, either; 94 percent of internet or information security experts have been duped by a phishing email at least once during their careers.

Here are a few go-to methods for spotting a phishing email.

1. URLs contain a domain that is mismatched or misleading

This is the easiest way to spot a phishing email. Mismatched URLs, or URLs that contain an incorrect or misleading domain name, are a dead giveaway. People who deploy phishing emails rely heavily on technological ignorance, and part of this ignorance is not knowing how URL and DNS naming structures work.

A mismatched URL may look legitimate—www.google.com—but if you click or hover over it, you will notice that it leads somewhere else; in this example it goes to Facebook. If the hyperlinked address differs from the address that is displayed, chances are it’s a phishing attempt.

Also, scam artists may register a subdomain that carries a legitimate brand name, such as paypal.scamdomain.com; the actual domain there is scamdomain.com, not paypal.com. People see the word “paypal” and click without thinking.
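As an added example (not part of the original article), the following Python script applies this first rule to the anchor tags of an HTML email body: it flags links whose visible text looks like one site while the href goes to another, and links where a known brand name sits inside an unrelated domain. The brand allow-list, the two-label domain shortcut and the sample email body are assumptions constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a small brand allow-list; a real filter would use the organisation's
# own list and the Public Suffix List instead of the two-label shortcut below.
KNOWN_BRANDS = {"paypal": "paypal.com", "google": "google.com"}
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)

def registrable_domain(host):
    """'paypal.scamdomain.com' -> 'scamdomain.com' (ignores suffixes like co.uk)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the <a> tags of an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    """Warnings the article's first rule raises for one link; [] means no finding."""
    warnings, target = [], urlparse(href).hostname or ""
    shown = URL_LIKE.match(text)  # visible text that itself looks like a URL
    if shown and registrable_domain(shown.group(1)) != registrable_domain(target):
        warnings.append(f"shows {shown.group(1)} but links to {target}")
    for brand, real in KNOWN_BRANDS.items():  # brand name inside an unrelated domain
        if brand in target and registrable_domain(target) != real:
            warnings.append(f"'{brand}' in {target}, real domain is {registrable_domain(target)}")
    return warnings

def scan_email_html(html):
    """Map each suspicious href in an HTML email body to its warnings."""
    parser = LinkCollector()
    parser.feed(html)
    return {h: w for h, t in parser.links if (w := check_link(h, t))}

# Constructed sample body modelled on the article's two examples plus a genuine link.
SAMPLE = ('<p>Log in: <a href="https://www.facebook.com/x">www.google.com</a> or '
          '<a href="https://paypal.scamdomain.com/login">Restore your account</a> or '
          '<a href="https://www.paypal.com/signin">www.paypal.com</a></p>')
```

Calling scan_email_html(SAMPLE) reports the facebook.com and scamdomain.com links and leaves the genuine paypal.com link alone; lookalike spellings such as swapped characters are outside what this check covers.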

2. Lots of grammatical mistakes and poor spelling

Another classic example is an email laden with mistakes.

Whenever a legitimate organization sends out an email, it has usually been checked three, four, five or more times for errors. If a message purporting to come from PayPal or another large company is full of errors, then it most likely didn’t come from them.

This is a very simple one.

3. The email is asking for personal information

It does not matter how legitimate an email may look; it is almost always a bad sign if it asks you for personal information.

Your bank will never need to ask for your full name and date of birth to confirm your account number. Google will never ask you to disclose your password and recovery information. PayPal will never ask you to send them your phone number.

Companies don’t ask for personal information, especially via email, full stop.

4. Something seems too good to be true

If something seems too good to be true, it almost always is.

Got an email making big claims and promises? Perhaps you’ve been sent $5,000 but the bank needs to confirm some of your information before they can finalize the transaction.

It’s a scam—delete the email.

5. The email contains threats

Some brazen scam artists will make ridiculous and unrealistic threats to try to scare you into doing something.

Again, a classic example of this is an email saying that your bank account has been compromised and if you don’t fill out and submit the attached form alongside two copies of your ID, your account will be closed, and you may be subject to legal action.

We recommend