Being tech-savvy isn’t enough to avoid a phishing email attack. Scammers are smart and constantly develop new techniques, and it’s easy to fall prey to them.
But with these tried-and-tested methods, I can easily identify phishing emails.
Unofficial email addresses that look legitimate
Often, you’ll see email addresses that are obviously fake. If they’re a bunch of random numbers and letters followed by the provider’s domain (for example, @gmail.com or @outlook.com), I usually send them to my trash folder without thinking twice. However, sometimes you’ll find fake email addresses that look real.
For example, I’ve received emails from my bank and ecommerce stores that, at first glance, are hard to distinguish from official domains. However, when you look closer, you’ll notice that some letters may be missing or added. Scammers often use similar letters and even brand logos as their profile picture.
Thankfully, it’s gotten easier to identify real addresses. Many large companies have placed verified checkmarks next to sender emails; you’ve probably seen this in Gmail. You can also use a number of tools to find and verify email addresses.
Spelling and grammatical errors
Unfortunately, it’s become more difficult to identify phishing emails based on grammar thanks to generative AI and spell checking software; this is one of the many ways hackers use generative AI in their attacks. Nevertheless, I still check for spelling and grammatical errors to determine whether or not an email is legitimate.
If they’re not written by AI, phishing emails are almost always in poor English. I admit I’m a native English speaker, and that gives me a huge advantage, but I don’t think you have to be to recognize these signs. Phishing emails rarely flow well, and you’ll often see spaces between letters and punctuation marks as well.
Most brands prioritize consistency; you’ll see the same capitalization throughout the message. However, since scammers often don’t do this, checking for consistency is a subtle way to determine if an email is legitimate. If every word in the title is capitalized, but not in the email’s headings or subheadings, this could be a red flag. Some phishing emails may also misspell words (for example, “Let’s build a website” instead of “Let’s build a website”). An incomplete sign-off is another potential red flag, although this isn’t always the case.
Personalization
If I ever see an email that begins with “Dear Sir/Madam,” I automatically delete it. In the best case scenario, it’s an annoying scattergun email that definitely doesn’t make me want to work with anyone. But in the worst case, it could be a phishing email trying to trick me into sending sensitive information – like my banking details.
However, phishing emails have gotten a lot more personal now. It’s not uncommon for a sender to use your first name, and they may even go into detail to get information about your friends and family. That’s why you need to avoid several social media mistakes to protect your privacy.
Phishing email senders may also try to identify your recent purchase history. For example, I often receive spam emails when I’m buying an item online (and it’s always related to my parcel delivery). These often include a link with a call to action (CTA).
You may also see phishing emails related to products you’re interested in. These types of scams occur at certain times throughout the year; for example, it’s especially important to stay safe from scams during the holiday season.
Links that don’t match the “organization”
While some links do include a CTA, that’s not always the case. Sometimes, the person sending a phishing email may include a link completely unrelated to the organization they’re impersonating. For example, someone may pretend to be Amazon but share a link to a different app.
Thankfully, these types of phishing emails are pretty easy to identify and avoid. First, most brands that contact you and include a link will probably include some kind of CTA. But even if they don’t, the link will go to their website or the service they use to track and ship orders.
Excessive CTAs, such as multiple emojis, can also be a warning sign that you’re about to click on a phishing email.