A Guide to Catching Phishing Emails

Protect yourself and your business by outsmarting cyber criminals and successfully identifying phishing emails.

Phishing is a serious cybersecurity issue, accounting for 92% of *malware incidents.

*Malicious software designed to damage or gain unauthorized access to computer systems and sensitive data.

Between 2016-2020, an estimated $28 billion were stolen through email fraud, costing $150K per incident on average.

The most frequently impersonated brands include Amazon, Google, Facebook, Whatsapp, Netflix, and Apple.

1: Check the Sender's Email Address.

This is the very first thing you should do. Phishing emails often come from addresses that seem legit but look closer and you’ll find typos or the wrong extension (like .com vs .net).

2: Preview Links Before Clicking.

Hover over a suspicious link or hold down on a link if you’re using a touch screen. This will show you a preview of the webpage and/or the full link without navigating to the page so you can confirm if it’s safe. You should also be careful of links when receiving them via text messages or as a QR code.

3: Be Careful Opening Attachments.

Attachments can be just as dangerous as links. Be sure the attachment is coming from a legitimate email (see #1) and that it’s something you’re expecting to receive. If you know the sender but aren’t expecting it, verify it’s from them via a different method of communication.

4: Be Wary of Unsolicited Emails and Urgent Requests.

If you receive an email from an individual or organization you don’t do business with, or if it’s someone you know but the email is unusual or urgent, be especially cautious about clicking links, opening attachments, or fulfilling requests. For example, if your CEO has never contacted you before but asks you to buy gift cards for a client ASAP, it's a safe bet to double-check that the request is real via another communication channel.

5: Notice Generic Greetings, but Don't Let Personalization Fool You.

Phishing emails will often, but not always, address you with a generic phrase, such as “Dear customer” or “Hello friend,” whereas a legitimate email will likely address you by name. However, personal information can be easily accessible to cyber criminals, so don’t dismiss other red flags just because the sender addresses you by name.

6: Don't Rely on Grammar and Spelling Errors Alone.

Phishing emails tend to be poorly written, however, don’t rely on errors to be a red flag. With the uptick in AI usage, it will likely decrease the amount of errors in phishing emails, making it harder to spot a phish.

7: Think Objectively Before Acting. 7 Seconds is All it Takes.

Phishing emails will often create a sense of urgency. This makes the reader panic, causing them to ignore red flags and click on links or provide sensitive information. Before responding to an email, always take time to review it based on the previous tips. Just 7 seconds is enough time to switch our brains from reactive to objective.

Fun fact:
7 seconds X 100 emails is less than 12 minutes. Those 12 minutes are definitely worth not getting phished.

Let's Test Your Knowledge!