Telltale signs of a phishing email

Telltale signs of a phishing email

Are you sure the email you received from the World Health Organization (WHO) is actually from them? Cybercriminals often use emails purporting to be from reputable organizations to steal information or spread malware. These emails coax you into clicking on various kinds of content and, ultimately, divulging personal or confidential data.

This technique is called phishing. Once a cybercriminal gets hold of your information, they can use it to steal your money or commit identity theft. Worse, they can create a backdoor into your system to install malware or gain access to sensitive data.

Phishing emails today no longer mention a Nigerian prince or other royals asking for help, and are designed to be as convincing as possible. However, most still contain subtle hints of their fraudulent nature. Here are seven telltale signs of a phishing email.

1. Requests sensitive information

Chances are, if you receive an unsolicited email that requires you to provide sensitive information such as passwords, credit card information, or tax numbers, it’s a scam. Legitimate companies will never ask for confidential details via email. They will more likely give you a call or ask you to visit their office if they want to relay or request any pertinent information.

2. Does not mention your name

Scammers often cast a wide net, so check for overly generic salutations such as “Dear valued customer” or “Dear account holder.” But there are emails that do away with salutations altogether, especially those designed to look like advertisements or promotions.

Take precautions if your name isn’t anywhere in the email. Also, be wary if you are CC’d but don’t know the other people the email was sent to.

3. Mismatched display name

Phishing emails often imitate official display names and email signatures but are sent from dubious email addresses. For instance, a message from an email address ending in @who.1nt is fake, since the official domain of WHO is

If you’re unsure what email addresses are real or official, a quick Google search can help. You can also use sites like WHOis and ICANN to confirm the owner of a specific domain name.

4. Poorly crafted content

The easiest way to spot a scam email is bad grammar. Keep an eye out for imperfect spelling, punctuation, and syntax. Any official correspondence from a reputable organization should look professional and be well written.

5. Contains unsolicited attachments

Unsolicited attachments should always arouse suspicion. More often than not, legitimate companies don’t send emails with attachments and instead direct recipients to download documents or files from their official website.

But sometimes, organizations that already have your email may send you files, such as a credit card statement, that need to be viewed or downloaded. In such cases, be wary of potentially dangerous file types, including .exe, .scr, and .zip. Just to be safe, you can contact the organization directly (using their official communication channels) to verify if the email and attachments are authentic.

6. Forces you to go to their website

Don’t randomly click around an email message once you open it — phishing emails are sometimes coded entirely as a hyperlink. Be cautious when your cursor changes into a hand pointer while hovering over any element in an email. Accidentally or deliberately clicking on a hidden hyperlink may open a fake web page or download malware onto your computer.

7. Contains mismatched links

There are instances where links don’t actually lead to the stated URL. You can hover over a link (without clicking it) to reveal the target URL — if it’s different from the indicated link, it’s a sure sign that the email is fraudulent.

Related article: 5 Most common security breaches

Related article: 3 Simple security tips to prevent data theft

Even if your business has the most advanced security system in the world, it takes only one unwitting employee to expose the confidential information you’ve worked so hard to protect. Partner with us at WDIT and together, we can create and implement a comprehensive cybersecurity strategy and a security awareness training program for your Connecticut business. Call us today to learn more.

Leave a comment!

Your email address will not be published. Required fields are marked *

Need help navigating technology to grow your business? Our FREE eBook will be with you every step of the way.Download now