Tips to Spot a Phishing Scam

What is a phishing scam?

Phishing is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate member of an institution in order to trick targets into providing sensitive data such as banking and credit card details or passwords.

This fraudulently obtained information is then used to access the target’s important accounts and can result in identity theft and financial losses. Knowing some of the common signs of a phishing email can help you stay safe from this kind of scam! The following are 4 questions to ask yourself when determining whether or not an email is legitimate. It’s important to note that some phishing emails can be very convincing, so if there is ever any doubt in your mind about an email’s legitimacy, don’t click any links or send any personal information back to the sender.


1. Is the email urgent?

Many phishing emails will use phrasing to sound as though you need to take immediate action. Saying things like “don’t wait any longer” “immediate action required” are common buzzword phrases that can help you spot a phishing email. Most institutions that need you to verify your information will send you an official letter by mail and won’t give you a deadline of only a few hours to respond.


2. Is the message grammatically correct?

This isn’t always a surefire way to spot a phishing email, human errors do happen sometimes when writing an email. However, very obvious misspellings or grammatical errors can be signs of a scam email. Legitimate password reset emails, “login now,” or other emails regarding sensitive personal information should not contain any misspellings or grammatical errors.


3. Is the sender’s email address correct?

Targeted phishing emails can appear to come from someone you know or a company that you do business with. Scammers can spoof email addresses to make their message appear legitimate, so it’s important to closely review the sender’s email address when they’re asking for personal information or sensitive data. Make sure the domain is correct, and check for any typos or extra numbers in the email address. If there’s ever any doubt, call the company or the person directly using their contact information and verify that they sent you an email request.


4. Is the “Call to Action” normal?

Most phishing emails will ask you to do something — download an attachment, go to a login page, or provide personal information. If this is the case, ask yourself if this is normal. Is this traditionally the way that this kind of request is carried out? For example, your bank will never email you asking you to input sensitive account credentials, they’re your bank! They know your account numbers and balances, so they wouldn’t need to contact you and ask for that information. Use that same common sense approach for other emails.