5 tips to spot a phishing email

Cybersecurity expert shares his 5 tips to spot a phishing email. Picture: REUTERS/Mal Langsdon/Files.

Cybersecurity expert shares his 5 tips to spot a phishing email. Picture: REUTERS/Mal Langsdon/Files.

Published May 30, 2024


By: Oliver Page

An estimated 3.4 billion emails a day are sent by cyber criminals designed to look like they come from trusted senders. In an ideal world, you’d be able to trust every email you received. Unfortunately, in the real world, scammers are sending a constant barrage of phishing emails to try and steal your money and identity.

The language is urgent and fear-mongering

You could be warned something bad will happen (for example, you’ll be charged or lose access to an important account) or you’ll miss an amazing bargain or prize if you don’t respond immediately. By implying there’s limited time to fix an error or claim a prize, the scammers are hoping you’ll be less likely to think twice about what you’re doing.

The message content is poor or garbled

Reputable firms would never start an email with a generic or impersonal greeting such as ‘Hi’. Similarly, instances of misspelling or bad grammar should ring alarm bells. If the email is littered with spelling and grammar mistakes, it clearly indicates the sender isn’t using tools such as Grammarly or Word’s spellcheck; it would be extremely unlikely for genuine companies to not proofread official emails, so repeated or obvious errors should always clue you in to the fact that something is amiss.

The Sender address or domain name is suspicious

If the message purports to come from a major organization (e.g. Paypal), the email address should match the company’s name (e.g. @paypal.com). Genuine companies will never use a service like Gmail (@gmail.com) to communicate with you.

If the spelling of the domain name is incorrect, this should be immediately concerning. A scammer may have created a copycat address that slightly varies from the genuine company name (e.g. apple1.com) in the hope that you won’t check too closely.

Scammers are most often after one of the following:

  • Your social security number
  • Your bank details
  • Your card numbers
  • Your contact information

If you’re unsure, never supply this data online. If the sender wants to send you money, be suspicious if they ask for your bank details first.

The email contains unknown attachments or links

Don’t access any attachments if they have strange file names or extensions. Clicking on ‘.zip’ means you’d unzip files onto your computer, and ‘.exe’ would run a software program on your device.

These attachments could release computer viruses or malware, while suspicious links could take you to fraudulent websites. Trustworthy companies would be more likely to use platforms such as Dropbox when supplying extra documents.

You should also beware of vague and unexpected messages purporting to be from well-known companies, the authorities or the government, or your bank, as well as any email promising unbelievably good offers like free vacations or big-ticket items.

* Page is the CEO of CyberNut.