Phishing emails are deceptive messages that appear to be from legitimate sources but are actually designed to steal sensitive information, like your passwords, bank details, or credit card numbers. Falling victim to a phishing scam can have serious repercussions, both personally and financially. Fortunately, by knowing what to look for, you can significantly reduce the risk of being duped. Here’s how to spot a phishing email:
1. Check the Sender’s Email Address:
- Often, phishing emails will come from addresses that look suspicious or slightly misspelled.
- For example, an email claiming to be from “[email protected]” with a zero instead of an “o” is likely a scam.
2. Look for Generic Greetings:
- Phishing emails might use generic greetings like “Dear Customer” instead of your name. Genuine emails from services you use will typically address you by your full name.
3. Examine the Content:
- Be wary of emails that urge you to act quickly. Phishers often use scare tactics to get you to respond impulsively.
- Watch out for poor grammar and spelling. Many phishing campaigns originate from non-English speaking countries.
4. Check for Suspicious Links:
- Hover over any links (but do not click) to see where they lead. Be cautious if the link address looks strange or doesn’t match the purported sender’s website.
- Ensure the link starts with “https://” — the “s” denotes a secure site.
5. Be Skeptical of Requests for Personal Information:
- Legitimate businesses will never ask for sensitive information like passwords, credit card numbers, or Social Security numbers via email.
6. Check for Unsolicited Attachments:
- Be cautious about opening any email attachments unless you’re expecting them. They might contain malware or viruses.
7. Consider the Tone:
- An email that sounds too good to be true (like winning a lottery you didn’t enter) probably is.
- Similarly, unexpected warnings or threats (like an account suspension) are common phishing tactics.
8. Verify with the Source:
- If an email claims to be from a particular company or person you know but seems suspicious, reach out to that company or person directly using a phone number or email address you trust (not the one provided in the suspicious email).
9. Check for Personalized Information:
- Many genuine emails from companies you do business with will include some piece of information that demonstrates authenticity, like the last four digits of your account number.
10. Use Email Filters:
- Most email providers offer filters that can help catch phishing emails. Ensure your settings are optimized to filter out potential threats.
11. Stay Updated:
- Phishing tactics evolve, so it’s important to stay informed about new methods. Regularly checking websites like the Anti-Phishing Working Group or the Federal Trade Commission can keep you updated.
While technological advancements have made phishing emails more sophisticated, staying vigilant and informed can go a long way in protecting yourself. Whenever in doubt, always err on the side of caution. It’s better to verify an email’s authenticity than to become a phishing scam’s next victim.
About the Author:
Matt Cohen is Principal, Advisory Services at CoreLogic. Matt has been providing technology and management consulting as well as information security audits and presentations for the real estate industry for over 25 years. Matt has spoken at many industry events, has been published as an author in Stefan Swanepoel’s “Trends” report and in a variety of real estate association magazines, and he has been honored by Inman News by being listed as one of the 100 Most Influential Real Estate Leaders in 2013.
Clareity by CoreLogic is an identity and authentication provider to Real Estate multiple listing services and associations.
Return to our Cybersecurity Awareness Month site.