How do you know if you received a Phishing or Spoofing Email?

check markLook carefully at the display name – Email Address

Ex: the bank doesn’t have a domain called “secure.com”

Look but don’t click

Hover your mouse over any URL links embedded in the body of the email, but don’t click on it. Open a new browser window and type the website to test OR call the company.

Review for spelling mistakes

Emails that are authentic, usually do not have major spelling mistakes or poor grammar.

Inspect the salutation

Beware of emails address to “Valued Customer” most businesses will often use your first and last name.

Don’t give out personal information

Look for a “lock” icon at the bottom of your browser and make sure “https” appears in front of the Web address before submitting any personal or financial information this will tell you the information being transferred is secure.

Beware of urgent, unrealistic or threatening language in the subject line

Example: Your Storage is almost full, click here to sign in and verify your email to get more storage OR RPI needs you to put in your username and password to authenticate (RPI will never ask for this information)

Review the signature

Legitimate businesses will always provide contact details.

Don’t open attachments

If you were not expecting this attachment don’t open it.

Don’t trust the header from email address

Header lines identify particular routing information of the email – you will want to look up how to view header information for your email application

Something doesn’t look right

Even though the message includes convincing brand logos, language and valid email address – if it looks suspicious, don’t open it.

 

References: http://consumersunion.org/news/dont-get-hooked-tips-for-avoiding-phishing-and-spoofing/

https://blog.returnpath.com/10-tips-on-how-to-identify-a-phishing-or-spoofing-email-v2/