Tips on How to Identify Phishing or Spoofing Email
Tip 1: Don't trust the display name.
A favorite phishing tactic among cyber-criminals is to spoof the display name of an email. Don't trust the display name. Check the email address in the header form-if looks suspicious, don't open the email.
Tip 2: Look but don't click.
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don't click on it. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails.
Tip 3: Check for spelling mistakes.
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Tip 4: Analyse the salutation.
Is the email addressed to a vague "Valued Customer"? If so, watch out-legitimate businesses will often use a personal salutation with your first and last name.
Tip 5: Don't give up personal information.
Legitimate banks and most other companies will never ask for personal credentials via email. Don't give them up.
Tip 6: Beware of urgent or threatening language in the subject line.
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
Tip 7: Review the signature.
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.
Tip 8: Don't click on attachments.
Tip 9: Don't trust the header from email address.
Tip 10: Don’t believe everything you see.
If you feel like you've accidentally opened or downloaded an untrusted file, report this to us immediately.