Phishing scams become more and more sophisticated every day. With e-commerce and online banking increasing in ubiquity, cybercriminals have ample opportunities to trick you by pretending to be a trusted source. It’s not too hard to copy a brand’s logos and image and to falsify an email.

When you find an email in your inbox that doesn’t sound quite right or asks for information you don’t feel comfortable giving away, it’s time to ask: am I being phished?

As always, follow policy at work concerning suspected phishing. Here are some other questions you can ask yourself to determine the legitimacy of any phishy emails that pop up in your inbox:


Should I click on this link?

Always think before you click – especially when it comes to urgent-sounding emails. Just one click and you may end up with unwanted downloads or be led to a shady website. Double-check a link’s identity by hovering over the URL to reveal its true path. A box will pop up either beside your pointer or at the bottom of your browser with the true link. If it’s not the same as what’s in the body of the email, don’t click on it!

Things work a little differently on mobile devices, but it still only takes a second to check a link before clicking!


Should I open this attachment?

An attachment in an email may turn out to contain malware. To avoid questionable downloads, run your incoming emails through antivirus and anti-malware software. You don’t want to find out that malicious software has harmed any of your files or spied on your activity!


Would this company send me this email?

As we mentioned earlier, demanding or urgent messages should send up red flags. If you receive an email from a company you have an account with that urgently asks for information, such as login information or your social security number, beware! Signs of urgency include using all caps, lots of exclamation and question marks, or threats of account closure or legal action. Phishers use a sense of danger or excitement to get you to act quickly, without thinking.

One clue that an email is not from the real organization can be found in the sender’s address. Discover if this is a ‘spoofed’ email by clicking on ‘More Details’ or ‘Full Headers’ in the ‘From:’ part of the email. If the ‘From’ address is incorrect, suspicious, or the email has been sent to many others, delete it! If it turns out that you accidentally permanently deleted a legitimate email, the original sender will try to get in touch with you again.

It might also be a good idea to contact the company that supposedly sent you the phishing email and alert them to the issue. Go ahead and change your password, too, through the organization’s secure https:// site and not through the email, just to stay on the safe side. Again, at work, be sure to follow policy!
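The sender-address check from this section, applied to a message's full headers, as an added example that is not part of the original article. The expected domain is supplied by the caller; the Reply-To comparison, the display-name check and the recipient threshold are assumptions added here as common hints, and the sample message is constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MANY_RECIPIENTS = 10  # assumed threshold for "sent to many others"

def domain_of(address):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def header_warnings(raw_message, expected_domain):
    """List reasons the headers look inconsistent with mail from expected_domain."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    warnings = []

    if from_domain != expected_domain.lower():
        warnings.append(f"From domain is {from_domain!r}, not {expected_domain!r}")
    # A display name that itself looks like an address can hide the real sender.
    if "@" in display and domain_of(display.strip()) != from_domain:
        warnings.append("display name shows a different address than From")
    # Replies would go somewhere other than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        warnings.append(f"Reply-To domain {domain_of(reply_to)!r} differs from From")
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > MANY_RECIPIENTS:
        warnings.append(f"sent to {len(recipients)} visible recipients")
    return warnings

# Constructed sample headers; all domains are reserved test domains.
SAMPLE = (
    'From: "support@example.com" <alerts@example.net>\n'
    "Reply-To: collect@example.org\n"
    "To: you@example.com\n"
    "Subject: URGENT: verify your account\n"
    "\n"
    "Constructed sample message.\n"
)

if __name__ == "__main__":
    for warning in header_warnings(SAMPLE, "example.com"):
        print("-", warning)
```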


Is that how you spell that?

When reading an email, always check for spelling or grammar mistakes. Organizations often have quality assurance systems in place so users don’t send out messages with errors. So, if an email in your inbox has one or more of these tell-tale signs, report it.


Is this phishing? (If you’re using other forms of communication!)

Phishing doesn’t just take place over email. You should always check texts, private messages, social media posts, phone calls, and any form of digital communication for signs of phishing. If an organization contacts you in any of these ways and asks for personal information or for you to follow a link, DON’T GIVE IN! Unless you’ve requested to be contacted via your phone, there’s no reason a company should use your phone number as a contact method.

Signs of vishing (voice phishing) and smishing (SMS phishing) manifest differently than the classic phishing signs. Some clues you should watch for:

  • Someone over the phone or via text not using your name or username when contacting you
  • A request for your personal information, passwords, credit card information, or social security number
  • An urgent problem, like theft or overdrawn accounts
  • When you call back the number, whoever picks up is not who they claimed to be
  • Misspellings, incorrect grammar, misplaced or overused capital letters


Don’t believe everything you see. Learn to spot the clues that identify phishing scams. Criminals have upped their phishing game, and some phishing attempts are so sophisticated that even the most security-aware of us might fall for their charms. Stay alert! Even if an email appears branded for a familiar company, and even if the language reads well, without obvious errors, look for other potential clues, especially if you are not expecting a communication from this person or company.

With new technologies on the market and new types of organizations to impersonate, phishing is evolving. Spelling errors and grammar mistakes do often reveal a phishing email’s true nature, but they aren’t always the only indicators of a scam. You need to learn all you can about identifying scams and be persistent with that simple question of ‘Should I?’ before giving out any information, downloading any attachments, or clicking on any links!

Meg Krafft

Digital Marketing Assistant at The Security Awareness Company
After starting out creating digital and print marketing for a real estate company, Meg now assists in keeping up the marketing needs for SAC. When not working she's probably watching a good movie or indulging in local art and music.
