How to spot a phish

Phishing emails are some of the most common online threats, so it is important to be aware of the revealing signs and know what to do when you encounter them. Here are five ways to spot phishing attacks.

Lesson #1: Watch out for emotions

It is common for phishing emails to play on emotions in the recipients. The email may claim that your account has been hacked and you must reset your password by clinking a link. The email may also state that your account will be closed if you do not act immediately. Emails conveying greed, urgency, curiosity or fear may indicate that the email may be a phish.

Lesson #2: The email asks you to confirm or enter personal information

Emails may match the style of your company or that of a business, as hackers can go to painstaking lengths to ensure that it imitates the real thing. When this authentic-looking email makes requests that you wouldn’t normally expect, it’s often a strong giveaway that it’s not from a trusted source after all.

Lesson #3: Attachments

Alarm bells should be ringing if you receive an email from a company out of the blue that contains an attachment, especially if it relates to something unexpected. The attachment could contain a malicious URL or Trojan, leading to the installation of a virus or malware on your PC or network. Be cautious of opening any attachments from an unknown source.

 Lesson #4: Examine signatures, sender address, email tone

In today’s busy society, it’s no wonder that phishing is the No. 1 way to get credentials. People do not have the time to examine the emails that are being sent to them. The best way to spot a phish is to take a couple of seconds to examine the email. Signatures that are overly generic or do not follow company protocols, addresses that do not match the sender’s name, or if the tone of the email sounds strange could all indicate that the email is a phish.

Lesson #5: Beware of links

Links are a popular way for hackers to redirect you to forged pages to steal your credentials. Before clicking a link, roll your mouse pointer over the link and see if what pops up matches what’s in the email. If it doesn’t match, don’t click.

If you suspect that an email is phishing, report it by clicking the “Report Phishing” button within your email.  If you are a mobile user, forward the email to ReportPhish@umich.edu.

Additional Information can be found on the Safe Computing website.