How to Spot a “Phishing” Email
While there is no technique that can spot phishing emails with 100% certainty, these are some logical steps that you can use to determine the likelihood that an email is not legitimate. Trusting your own instincts is just as important too. If an email doesn’t seem right, then treat it with all due caution and seek help if you need assistance.
Examine who the message is being sent from and why…
- The message was sent by a person and organization unknown to you, and may also include fictitious or unfamiliar recipients.
- The Subject line indicates that an unsolicited attachment is being forwarded. In most business/work relationships, some kind of communication would have taken place where you would be expecting files that someone wants to send to you.
- The attached file type of ZIP is known to be potentially malicious. Other potentially risky file types end with DOC, XLS, EXE, PDF, BAT and VBS. While most people often use these file types every day, the risk lies within the ability of malicious code being inserted into these kinds of documents. An unsuspecting recipient opening a malicious file of these types would unknowingly execute malware on their own computer.
Examine the body of the message…
- The message opening is unusually and overly formal. People you know or have working relationships with would not ordinarily use such formal language.
- The message prompts you to create an account or divulge personal details that one would normally hesitate to share.
- The name given in the message body is different than the name given in the FROM field.
If you believe you have received a phishing email, check The Phishbowl (https://www.unh.edu/it/the-phishbowl) to see if it has already been reported and confirmed as phishing or forward it to firstname.lastname@example.org.