Is it Real or not? How to Spot phishing Emails

It has become virtually impossible to distinguish nowadays between a real and a fake email from a well-known company, especially one you’re likely a customer/member of, as the design, logo, and name seem so real. But knowing which emails are real and which are phishing emails is crucial and can save you money and problems in the future.

Let’s jump right in and examine some examples of fake emails:

In this example, overall, it looks like a normal email from Netflix. It even uses its header and logo. It mentions a billing problem and invites you to click on a link to update your payment details. So far, so good. But if you take a closer look, you can see a generic greeting: “Hi Dear.” That’s not very typical for a business to say. Maybe your mother.

In this example, it seems that PayPal recognized a security issue with your account and urges you to review it by clicking a login link which will then encourage you to insert your login details. But if you take a closer look at the sender’s URL (at the top of the email), you can see that it doesn’t end in @paypal, but rather a misspelled version of PayPal and a @outlook ending, which is a public email address service.

Not all phishing emails direct you to a phishing website. In the above example, you can see that it urges you to call some 800 number. Besides the sender URL having similar issues as the previous example, we notice problems in writing: “a malicious user might trying” (makes no sense), “Windows” is in lowercase, and other grammatical and spelling issues. This should be a red flag that this is, in fact, a phishing email.
Sounds scary? Don’t worry. Following the next tips can be helpful in spotting and preventing phishing attacks.

Here are some tips to protect yourself from phishing attacks:

  1. Trust your instinct
    When you get an unusual email from your bank saying your account has suddenly closed, most people’s initial thought would be that it…well…makes zero sense. Others may panic and frantically follow the instructions of the email attempting to steal your information. Whatever your reaction may be, try to remain calm and follow the next steps.
  2. Check the email address of the sender
    Does it look familiar? Does it end in a “@amazon.com” or simply include “amazon” in a random place? When you run a search on your email with that address, does any previous communication come up? Are they using a public email service like google? If so, it may be fake.
  3. Contact the real company directly
    If you aren’t sure whether the suspicious email is real or not, just give the company a call or email. Nowadays, you should get most companies’ contact info by doing a quick Google search.
  4. Be wary of alarming content.
    Anything that urges you to act fast with a short deadline (such as 48 hours), asks for your financial information, offers you a reward, or just seems overall wrong, it probably is. Of course, you may receive a legitimate message informing you to take action. For your safety, don’t click the link in the email, no matter how real it appears to be. Instead, visit the real website from your browser and log in from there to check your account status.
  5. Check improper spelling or grammar
    This is one of the most obvious signs that an email is fake. Sometimes, the mistake is easy to spot, such as ‘Dear Facebook Costumer’ instead of ‘Dear Facebook Customer.’ So when in doubt, check the email closely for misspellings and improper grammar.
  6. Watch out for emails saying you’ve won a contest you haven’t entered
    A common phishing scam is to send an email informing recipients they’ve won a lottery or some other prize. All they have to do is click the link and enter their personal information online. Chances are if you’ve never bought a lottery ticket or entered to win a prize, the email is a scam.
  7. Watch out for emails urging you to make a donation
    As unbelievable as it may seem, scam artists often send out phishing emails inviting recipients to donate to a worthy cause after a natural or other tragedy. For example, after Hurricane Katrina, the American Red Cross reported more than 15 fraudulent websites were designed to look like legitimate Red Cross appeals for relief efforts. Potential victims received phishing emails asking them to donate to the Red Cross, with links to malicious sites that stole their credit card numbers. If you’d like to donate to a charity, do so by visiting their website directly.
  8. Be careful of emails containing suspicious attachments
    It would be highly unusual for a legitimate organization to send you an email with an attachment unless, of course, it’s a document you’ve requested, such as a monthly account statement you’ve subscribed to receive. As always, if you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malicious.
  9. Use security software or app such as ZoneAlarm Extreme Security.
    ZoneAlarm Extreme Security includes all you need to protect your PC and mobile device (Android or iOS) from cyberattacks, including phishing attacks, all using enterprise-grade technology by Check Point. Its anti-phishing feature prevents you from inserting your credentials while it checks if the potentially dangerous website/email opened is safe or not. Only after it is deemed safe can you go ahead and insert your credentials.

To summarize, to avoid phishing, you need first to know the primary forms of phishing emails. This post covered the most relevant areas that would help you identify phishing scams and stay safe.