
From
If the sender’s email domain is not from the place it’s claiming to be from (ex: Citi Bank’s email domain may be jsmith109@hack.net). Perry said this is a dead giveaway when it comes to identifying phishing emails. Typically, if a government agency is contacting someone, they would use a “.gov” account instead of a “.com” or “.net” account. “Consumers really need to just look at the return address,” Perry said.
Subject
If there are misspellings in the email and the subject seems unprofessional. Perry said another key to spotting phishing emails is checking an email’s grammar: “Grammar should be good.” If there are typos or if the nature of the email seems off (ex: very casual tone in an email supposedly originating from a professional organization), it is likely that the email is a phishing attempt.
Dear
If the recipient is addressed as “customer,” and not personally mentioned. Phishing scammers often send an email that uses a basic name, such as “customer” or “consumer.” However, if a phishing scammer has your name, they may add it in to make the email seem more legit. “They will run off the person’s personal information,” Perry said.
Please
A sense of urgency (something needs to be done immediately) or asking the recipient to give up excess personal information. Phishing emails often ask for an individual’s sensitive information, like your social security number or mother’s maiden name. They often use urgency to persuade whomever they’re trying to scam to act on impulse. “When it comes to phishing, you have to realize that when you’re online, you just don’t provide certain information,” Perry said.
www
If the link is broken, the website is fake, or the URL doesn’t match the website’s real URL (ex: banking emails should go to the bank’s URL, not a random URL site) or if the site seems phony. Those fake sites will often ask for very personal information, such as someone’s social security number. “Because the consumer feels as though they’re on a legitimate site that they have a relationship with, they don’t have a problem providing that information,” Perry said. Legit sites usually can be checked by simply looking them up on a search engine or checking the actual URL link.