Phishing Emaill
FromSubjectDearPleasewwwSignature

From

If the sender’s email domain is not from the place it’s claiming to be from (ex: Citi Bank’s email domain may be jsmith109@hack.net). Perry said this is a dead giveaway when it comes to identifying phishing emails. Typically, if a government agency is contacting someone, they would use a “.gov” account instead of a “.com” or “.net” account. “Consumers really need to just look at the return address,” Perry said.

Subject

If there are misspellings in the email and the subject seems unprofessional. Perry said another key to spotting phishing emails is checking an email’s grammar: “Grammar should be good.” If there are typos or if the nature of the email seems off (ex: very casual tone in an email supposedly originating from a professional organization), it is likely that the email is a phishing attempt.

Dear

If the recipient is addressed as “customer,” and not personally mentioned. Phishing scammers often send an email that uses a basic name, such as “customer” or “consumer.” However, if a phishing scammer has your name, they may add it in to make the email seem more legit. “They will run off the person’s personal information,” Perry said.

Please

A sense of urgency (something needs to be done immediately) or asking the recipient to give up excess personal information. Phishing emails often ask for an individual’s sensitive information, like your social security number or mother’s maiden name. They often use urgency to persuade whomever they’re trying to scam to act on impulse. “When it comes to phishing, you have to realize that when you’re online, you just don’t provide certain information,” Perry said.

www

If the link is broken, the website is fake, or the URL doesn’t match the website’s real URL (ex: banking emails should go to the bank’s URL, not a random URL site) or if the site seems phony. Those fake sites will often ask for very personal information, such as someone’s social security number. “Because the consumer feels as though they’re on a legitimate site that they have a relationship with, they don’t have a problem providing that information,” Perry said. Legit sites usually can be checked by simply looking them up on a search engine or checking the actual URL link.

Signature

There are several things you can assess in the email signature for authenticity. The key  elements to consider: misspellings or unusual variations in the sender’s name and title, the company name and brand identity not matching the company’s official brand, contact details such as phone numbers and addresses not aligning with the legitimate contact information of the company, and website links that, when you hover over them to preview the actual URLs, do not lead to the official domain of the organization.