Phishing emails are one of the most dangerous types of cyberattacks because they appear in disguise. Upon opening a phishing email, it will typically look like any ordinary email. But if you look closely, there are red flags across the board.

The reason these red flags are tough to spot is that they’re discreet. To protect your organization, it’s important that all employees be aware of the signs, and know what to look for.

Below are five ways to spot phishing attacks.

1. The email asks you to confirm personal information.

If the email makes requests that you wouldn’t normally expect, that’s a pretty strong sign that it’s not from a trusted source. Keep an eye out for emails that ask you to confirm personal information like banking details or login credentials. And most importantly, don’t reply or click any links if you don’t think the email is genuine. Go the safe route and contact the organization directly through an online contact form or by phone.

2. The email or web address looks suspicious.

Typically, a phishing email will come from an address that appears to be genuine. Criminals will try to trick you by including the name of a legitimate company within the structure of email and web addresses. At first glance, these details can look real but look closely as you may find an error. For example, the address may look like @mail.walmart.work as opposed to @walmart.com. In addition, malicious links can also be hyperlinked within the body of an email. They’ll appear legitimate because in most cases, the criminal will include links that actually are genuine to try and fool you. Before clicking on links, hover over and inspect each one first. If it looks suspicious, open it in a separate tab in a private browser to confirm, but do NOT click on the link in the email directly.

3. It’s poorly written.

Grammatical and spelling errors are a huge red flag for phishing emails. They might be minor, so look closely. The email may also include strange phrasing and weird formatting like weird spacing, different font sizes, etc. If it doesn’t look cohesive and doesn’t flow off the tongue, you might want to check with your supervisor to confirm it is a phishing email.

4. There are suspicious attachments.

Opening an attachment that contains a malicious URL or trojan can be detrimental to your organization. Even if you think it’s genuine, make sure you hover over the link or open it up in a separate browser tab to confirm it’s real. A telltale sign the link isn’t valid if it’s something unexpected, out of the blue, or doesn’t pertain to the email at all.

5. The email makes you panic.

The majority of phishing emails are designed to make you panic. The email subject line will start off with language like “URGENT” or “Can you do this for me quickly”? It’s designed to make you feel like you missed something. For example, you might get an email saying an account has been compromised, and the only way to recover it is by providing your social security number. Ensure you’re taking the time to really think about what the email is asking and if you’re unsure, you can contact the company through alternative methods.

The biggest piece of advice we can give with phishing emails is to use your common sense. When in doubt, throw it out. If something feels or looks phishy, trust your gut! If you’re suspicious of an email, always bring it to the attention of your supervisor for clarification. We also recommend checking out this helpful phishing email awareness video on YouTube. It provides representations of phishing tactics so you’ll be able to see a visual to all the points we listed above.

At Thinline Technologies, we can help your small to mid-size business prevent all cybersecurity threats to your organization. Give us a call at (410) 453-9300 or contact us online today.