Detecting phishing

You can protect yourself against phishing by carefully reading every message that hits your inbox.


A message is phishy if it shows the following signs.

  • It asks you to update or fill in personal information. Always remember that a reputable business does not ask for personal information via email.
  • The "From" address imitates a legitimate address, especially one from a business. A favorite phishing tactic among cybercriminals is to spoof the display name of an email.
  • It contains mismatching URLs. The URL shown in the email and the URL that displays when you hover over the link are different from one another.
  • It begins with a vague statement like "Dear account holder". Reputable companies will have your name in the salutation, as opposed to "valued customer" or "to whom it may concern".
  • It is badly written and contains typos, misspellings, and unnecessary capitalization. Legitimate messages usually do not have major spelling mistakes or poor grammar.
  • It contains attachments from unknown sources that you were not expecting. Attaching files that carry malware is a common phishing tactic.
  • It sounds urgent or threatening. Invoking a sense of urgency or fear is a common phishing tactic. Beware of messages trying to scare you into acting without thinking.