How to Spot Phishing Emails

In the middle of your day, you suddenly get an email that makes you sweat. One of your online accounts is about to be cancelled if you don’t act right now.

Before you click that link and take care of business, take a deep breath and pause for a moment. You may want to take a closer look at this scary email. It could be a phishing scam.

I’m going to show you how to spot phishing emails and what to do if you get one. First, let’s talk about what makes a phishing email.

Spam vs Phishing

If you’ve been using email for more than five minutes, you’re likely familiar with spam. Spam emails are annoying, but usually they aren’t dangerous. They can even come from trusted sources, like a home improvement store or Apple. If that’s the case, you can simply unsubscribe and you’re done. Spam wastes our time, but that’s usually the worst of it.

Phishing emails, on the other hand, are not there to sell you something, but to collect information. It could be info like your IP address or email address. Simply by you opening the email, they can collect that much data. That’s the most benign version of a phishing email. The most evil type of phishing emails are the ones that prompt you to click a link.

In this article I’m going to cover the evil kind.

What Does a Phishing Email Look Like?

At first glance, it looks like a legitimate email. It may even appear to come from a trusted source, like your bank, web host, or even Amazon. That’s by design, of course. There’s probably a convenient button or link that will take you right to your account.

So how can you tell if it’s really coming from the source it says it is? It’s tricky, but there are some clues that will help you figure it out. As an example, let’s take a close look at a recent email I received from my “web host.”

Screenshot of a phishing email from "Dreamhost team" that reads "Deactivation of mailbox due to domain expiration."

There are a few things that tipped me off about this “urgent” email. First, it’s from the “Dreamhost team.” The real DreamHost always capitalizes the “H” in their name, so that seems odd. Also, the first letter of the opening paragraph isn’t capitalized. Bad spelling and grammar are always tip-offs.

Next, the email address it’s coming from is a long series of numbers and letters, and it just looks weird. After a quick search of my email, I find that every legitimate email coming from DreamHost looks like either support@dreamhost.com or billing@dreamhost.com. No random numbers and letters with a German domain — that’s the .de in the address. DreamHost is based in the U.S., so that’s another red flag. Or a black, red, and gold flag to be more specific.

Also, my DreamHost account-related emails always go to a different, very specific email address. Not this one. Curious.

A more recent email I received shows that either someone new is phishing for my info, or the previous hackers learned how to improve their approach.

Screenshot of a phishing email from "Dreamhost Support" with the subject "Urgent: Hosting renewal failed"
No grammar or punctuation errors in this phishing email. Are they getting smarter?

These are just two examples, but they each have some of the most common tell-tale phishing signs:

  • The From or Reply-to email address looks suspicious
  • Bad spelling or grammar
  • It urges you to take action right away or face dire consequences

Now let’s talk about that convenient link they gave me.

Don’t Click That Link!

By hovering over (not clicking) the link in the email, I can see that what they’re offering me actually points to https://yachtarbeit.de — which sure doesn’t sound like DreamHost to me.

For research purposes, I visited that link in a private, secure browser using a VPN (to hide my identity), the page looked exactly like the real DreamHost account login page. But it’s not.

Screenshot of fake DreamHost login page

Someone created that faux DreamHost page to trick me into entering my login credentials. At which point they can collect them and use my own login to access my account on the actual DreamHost site.

At this point, I was already positive this was a phishing scam and I didn’t log in — I only visited the page for the purposes of writing this post and sharing my knowledge with you.

What if the Email Looks Legit?

As you can see, phishing emails like these can be easy to spot when you take a few moments to analyze them. What if looks okay but you’re still not positive it’s legit? Maybe there’s really an issue in one of your online accounts needs to be addressed. There’s an easy solution.

Visit the page where you usually log in to your account (NOT via the link in the email). Once you’re logged in, if there really is an issue you’ll probably see some kind of alert. If you’re still concerned, chat with customer service, or call them. You’ll either address the issue or find out that it’s bogus. You stay safe and you avoid having your private data collected.

Stay Vigilant

Phishing emails can be tricky to spot at first glance, but once you know what to look for, you can avoid getting hacked. In the world of cybersecurity, my personal philosophy is that the more convenient it is to access an account, the less secure the method. That means that those pretty buttons in your email are not very safe when it comes to logging into your online accounts. In fact, even when I know an email is from a legitimate source, I very rarely use those links.

Every so often I get an email from a client asking if an email they received about their website is bogus. I happily advise them and I compliment them on their security smarts. I’ve never seen a single urgent “Take immediate action!” email that was real.

You now have the knowledge to avoid falling into a phishing net. Stay vigilant.

Featured image by Kasia Derenda on Unsplash

Learn more!

Sign up to receive my latest website tips directly in your inbox.

I’ll never send you spam or share your email address.
Find out more in our Privacy Policy.


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *