How to Spot a Phishing Email

How to Spot a Phishing Email

A phishing email is a bogus email that is carefully designed to look like a legitimate request from a legitimate business or organization. The goal of a phishing email is to get you to willingly give up your login information to a particular website or to click and download a virus. Many will direct you to a bogus website that looks identical to a real website – such as your bank – where you’ll be prompted to enter login information or verify your data. Others contain links or attachments (such as a PDF or shipping tracking number) instructing you to click on them.

Be wary of any emails from banking institutions, FedEx, UPS, Facebook that ask you to verify information or check the status of an order. So how can you tell a phishing email from a legitimate one? Here are a few telltale signs…


First, hover over the URL in the email (but DON’T CLICK!) to see the ACTUAL website you’ll be directed to. If there’s a mismatched or suspicious URL, delete the email immediately. In fact, it’s a good practice to just go to the site direct (typing it into your browser) rather than clicking on the link to get to a particular site.


Look for poor grammar and spelling errors. It’s true that many cybercriminals are getting better and better at using proper English, but if anything seems off, it’s best to delete the email.


Another warning sign is that the email is asking you to “verify” or “validate” your login or asking for personal information. Why would your bank need you to verify your account number? They should already have that information.


Be on the lookout for emails with urgent requests. Scammers will pressure you into acting quickly. It’s always best practice to stop and think before clicking on a link or entering sensitive information on a website.


And finally, if the offer seems too good to be true, it probably is.