10 Tips for Identifying and Dealing With Phishing Email

1 - 10 Tips for Identifying and Dealing With Phishing Email
2 - Don't Trust the Display Name
3 - Don't Always Trust the Sender's Email Address
4 - Look but Don't Click
5 - Check for Spelling Mistakes
6 - Analyze the Salutation
7 - Watch What Information You Reveal
8 - Look at the Language in the Subject Line
9 - Review the Signature
10 - Be Cautious About Clicking on Attachments
11 - Don't Believe Everything You See
1 of 11

10 Tips for Identifying and Dealing With Phishing Email

Most people don't question the "from" field in the emails they receive. We explain why they should and offer other guidelines for dealing with phishing email.

2 of 11

Don't Trust the Display Name

A favorite phishing tactic among cyber-criminals is to spoof the display name of an email. Here's how it works: If a fraudster wanted to impersonate the hypothetical brand "My Bank," the email may look something like the image here. Since My Bank doesn't own the domain "secure.com," email authentication defenses will not block this email on My Bank's behalf. Once delivered, the email appears legitimate because most user inboxes and mobile phones will only present the display name. Always check the email address of the sender in the header; if it looks suspicious, flag the email.

3 of 11

Don't Always Trust the Sender's Email Address

Fraudsters not only spoof brands in the display name, but they also spoof brands in the sender's email address, including the domain name. Keep in mind that just because the sender's email address looks legitimate (such as sendername@yourcompany.com), it may not be. A familiar name in your inbox isn't always who you think it is.

4 of 11

Look but Don't Click

Cyber-criminals love to embed malicious links in legitimate-sounding copy. Hover your mouse over any links you find embedded in the body of your email. If the link address looks weird, don't click on it. If you have any reservations about the link, send the email directly to your security team.

5 of 11

Check for Spelling Mistakes

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

6 of 11

Analyze the Salutation

Is the email addressed to a vague "Valued Customer?" If so, watch out; legitimate businesses will often use a personal salutation with your first and last name.

7 of 11

Watch What Information You Reveal

Most companies will never ask for personal credentials via email, especially banks. Likewise, most companies will have policies preventing external communications of business IP. Stop yourself before revealing any confidential information over email.

8 of 11

Look at the Language in the Subject Line

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your "account has been suspended" or ask you to take action on an "urgent payment request."

9 of 11

Review the Signature

Lack of details about the signer or how you can contact a company strongly suggests a phishing attempt. Typically, legitimate businesses provide contact details. Check for them.

10 of 11

Be Cautious About Clicking on Attachments

Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don't open any email attachments you weren't expecting.

11 of 11

Don't Believe Everything You See

Phishers are extremely good at what they do. Many malicious emails include convincing brand logos, language and a seemingly valid email address. Be skeptical when it comes to your email messages; if it looks even remotely suspicious, do not open it.

Top White Papers and Webcasts