When it comes to identifying a phishing attempt, there are a few key areas that can implicate a potential threat. Ask yourself these questions when you receive an email that seems out of the ordinary.
Am I expecting an email from this sender?
Or does this correspondence strike me as suspicious, unprompted, and out of the blue?
Does this email sound like the sender?
If the sender is someone you know (i.e., a friend or colleague), does it sound like him/her? Is this how they normally talk/write? Is it riddled with typos? If so, is that typical of the sender?
Is the subject matter characteristic of the sender?
For instance, if the email appears to be coming from your brother and asks you to wire him money but not to call him, is this characteristic of him or does it seem unusual?
Similarly, does the content/subject matter make sense?
For instance, if the email is an order confirmation from “Amazon,” did you order anything from Amazon recently or does this seem wrong or out of place?
Do you normally receive these types of emails from this account?
For instance, this appears to be your bank statement, but it’s going to your work email instead of the personal email listed on your account?
Does the email urge you to take immediate action?
Is the email trying to force you to take a certain action by using terms like “ASAP,” “urgent,” “immediate,” “right now,”? I.e. You “must” change your password “right away.”
When hovering over the links in the email, do they appear to be legitimate?
Place your cursor over one of the links (but DO NOT click it). The URL/website that the link will direct you to will be displayed next to your cursor. Does it match the website it says it will take you to?