Don’t fall for these 5 common email phishing tactics

Nov 19, 2019 | Cybersecurity


Email phishing is an attempt by someone with malicious intent to extract information from you. The target is usually passwords, but this can vary depending on the severity of the threat posed.

We’re going to cover the 5 most common signals that will help you spot an email that might be a phishing attempt.

1. Bad spelling or grammar

Most email phishing attacks pretend to come from larger organizations like Microsoft or Apple.  The easiest way to tell whether an email is genuine is to look for poor spelling or grammar in it.

Out of all the different signs, this can be the easiest to spot as you read the email.

2. Are you being asked for something?

More manual phishing attempts quite commonly include a request.  This can be something like asking for payment for an item or more information on an invoice.

Quite often the manual attempts at phishing get past any IT security measures you have in place.  Using some common sense and questioning the authenticity of an email is what helps prevent these types of phishing attempts.

As an example, if you have been asked for more information on an account or invoice, give the company a call to double-check that the request is genuine and not part of a phishing campaign.

3. The intimidation technique

“Urgent action required!” “Your account will be closed!” “Your account has been compromised!” These are common email subject lines meant to alert you to something.

These types of subject lines are a psychological trick that can play on your potential concern or anxiety about what the email is stating. 

Anything with a subject line like this should be scrutinized more closely.

4. The dodgy link

This is the number one way to spot an email phish.  However, dodgy links can be hard to spot.

Carefully inspecting the link that is contained in an email before clicking on it is advisable.  However, hackers have gotten pretty smart about hiding the URL so it’s not that easy to see exactly where the link is going to take you.

Manual inspection of links always works best.  Always look carefully at the domain name and make sure that a genuine-looking subdomain is not masking where the link really goes.  Something like this is common:

microsoft.outlook.mybadsite.com/123pageid.php

The first part of the domain looks genuine.  However, the bit just before the .com is what to look out for.  The hacker in this example has set up a subdomain on mybadsite.com to make it appear like you’re going to a genuine website.  But it’s still just a part of the hacker’s website.

Quite often these are genuine websites that have been hacked and had a subfolder set up on them.

5. Who is it from?

We save the best for last.  Always check to see who the email is from.

Similar to the subdomain trick above, hackers will pretend to send from a genuine email address.  The trick usually entails replacing one character in a genuine email address.

As an example:

bill.gates@micr0soft.com

It looks almost legit, and the swapped character can quite easily be missed if you’re not looking hard enough.
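The manual checks from signals 4 and 5 can be written down as a short script. This is an added example, not part of the original article; the TRUSTED allow-list, the LOOKALIKES table and the function names are assumptions chosen for illustration, and the last-two-labels rule is a simplification that does not handle suffixes such as .com.au.

```python
from urllib.parse import urlsplit

# Assumption: an allow-list of domains your organisation really deals with.
TRUSTED = {"microsoft.com", "outlook.com", "apple.com"}
# Assumption: a small, non-exhaustive table of digit-for-letter swaps.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def host_of(value):
    """Return the host of a link (scheme optional) or of an email address."""
    if "@" in value and "/" not in value:
        return value.rsplit("@", 1)[1].lower()
    if "//" not in value:
        value = "//" + value  # make urlsplit read the leading part as the host
    return urlsplit(value).hostname or ""


def registrable_domain(host):
    """Return the last two labels, the part 'just before the .com' plus suffix.

    Simplification: wrong for suffixes such as .com.au; real tooling should
    use the Public Suffix List.
    """
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify(value):
    """Label a link or sender: trusted, lookalike, brand-in-subdomain, unknown."""
    host = host_of(value)
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "trusted"
    if domain.translate(LOOKALIKES) in TRUSTED:
        return "lookalike"  # e.g. a zero standing in for the letter o
    brands = {d.split(".")[0] for d in TRUSTED}
    if brands & set(host.rstrip(".").split(".")[:-2]):
        return "brand-in-subdomain"  # trusted name used only as a prefix
    return "unknown"


if __name__ == "__main__":
    # The two examples from the article plus one constructed genuine link.
    for sample in ("microsoft.outlook.mybadsite.com/123pageid.php",
                   "bill.gates@micr0soft.com",
                   "https://login.microsoft.com/"):
        print(f"{classify(sample):20} {sample}")
```

A result of "unknown" only means the domain is not on the allow-list; it still needs the manual checks described above.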

For a free dark web scan to see if you have any credentials for sale, get in touch with us.  Please email info@connectservice.com.au or call 1300 766 455.