How to spot if an email is a phishing attack?

One of the biggest problems in online security is the phishing email. So many unsuspecting people fall prey to this sort of attack that the incidence of phishing is actually on the increase. Phishing for financial gain is certainly on the rise and you could even be the next victim of this sort of phishing attack.


To avoid being a potential target, here are four things to look out for that show whether an email is safe or potentially dangerous.

1. If the Email is Unsolicited

Legitimate companies never email users asking for personal information. Neither would they send an email unannounced asking you to download an attachment. No matter how real the email looks, if it is unsolicited and it is asking you to do something, it is most likely a scam.

This is especially true for phishing attacks pretending to be from your bank. According to data from Kaspersky Labs, for the first time in 2016, the detection of phishing pages which mimicked legitimate banking services took first place in the overall chart, leaving the long-time leaders of this chart - global web portals and social networks - way behind.

2. If the Email Exhibits Poor Grammar and Spelling

Emails from legitimate sources generally contain no typos, no spelling errors, and good grammar. Professional companies have teams of people dedicated to proofreading all the marketing material that they send out. Hackers often lack these good writing skills. As well as this, they may not have English as their native tongue. If this is the case, you can assume that a foreign criminal probably wrote the text in their own language and then used a translation tool to convert the text into English.

This means that if you have an email purporting to be from your bank and it has various examples of bad spelling and grammar, then it is most likely not from that bank but from a criminal.

3. Beware of Mismatched URLs

Criminals try to fool victims into clicking on links that, to the average reader, look like the real URL of a legitimate website, while the hyperlink actually points to a URL belonging to a criminal. You can avoid visiting the link by hovering your mouse arrow over it, because most browsers will display the real URL at the bottom of the browser window. If the URL shown in the email does not match the link revealed when the arrow hovers over it, it is most likely a fake that could lead you into a phishing trap.

4. Beware of fake URLs in your Email

Legitimate emails will feature URLs that lead back to the official website of a company. The URL will have a straightforward name (e.g. yourtrustedbank.com). A criminal will try to make a URL look as much like a real website as possible (such as yourtrustedbankp.com). Users should always check any link before clicking on it. Better still, always check a URL by cutting and pasting the link into a search engine, like Google. A scam should reveal itself in the first page of the search engine's results.

This type of phishing activity is not limited to banks. According to Kaspersky's research, criminals have even created fake URLs containing the word ‘steam’ in order to make the URL look more like the original, which could deceive inexperienced gamers who play games using the Steam program.
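The checks from points 3 and 4 can also be run automatically over an email's HTML body. The following Python sketch is an added example, not part of the original article: it flags links whose visible text names a different host than the real target, and links whose host imitates a trusted domain. The `TRUSTED` list, the 0.85 similarity threshold, the function names and the sample email are assumptions made for illustration.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"yourtrustedbank.com"}  # assumption: domains you really deal with
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased host name without a leading "www."
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def is_lookalike(host):  # imitates a trusted domain without belonging to it
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return False
    base = ".".join(host.split(".")[-2:])  # simplification: no public-suffix list
    return any(g.split(".")[0] in host or
               difflib.SequenceMatcher(None, base, g).ratio() >= 0.85 for g in TRUSTED)

def check_links(html_body):  # returns [(href, reason)] for checks 3 and 4
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        if URLISH.match(text) and host_of(text) != host_of(href):
            findings.append((href, "mismatched"))  # text names another host
        elif is_lookalike(host_of(href)):
            findings.append((href, "lookalike"))   # near-copy of a trusted name
    return findings

SAMPLE = (  # constructed email body, not taken from a real message
    '<a href="http://198.51.100.7/login">https://www.yourtrustedbank.com/login</a>'
    '<a href="https://yourtrustedbankp.com/verify">Verify now</a>'
    '<a href="https://www.yourtrustedbank.com/help">yourtrustedbank.com/help</a>')
print(check_links(SAMPLE))
```

The third link in the sample is genuine and produces no finding, while the first two are reported as "mismatched" and "lookalike" respectively.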

So make sure you never click on a link, or download an attachment, without checking that the links are genuine.
