What are phishing emails?

Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement or other means in order to steal sensitive information.

Step 1: Identify the website as a phishing scam.

Urgent requests. Phishing attacks attempt to induce panic in the receiver and cause the person to act before investigating the authenticity of the message.
Bad spelling or grammar. Phishing messages are notorious for containing misspelled words, awkward phrasing, or poor grammar.
Attachments. Phishing messages may attach fake documents or files to trick you into opening up malicious software.
Requests to click a link. Attackers commonly use links to redirect you to insecure websites or pages pretending to be official organizations.
Generic signature line. Authentic messages are typically signed by official contacts or names, while phishing messages may be signed by generic company names or roles.
Offers that are too good to be true. Phishing attacks can play on your emotions and offer false hope in the exchange for your personal information in the form of job offers, acceptance messages, or “congratulations, you won!” scams.
Unexpected requests regarding personal information. Be extremely wary of following links or answering questions from contacts you did not initiate.

Step 2: Check out links and attachments before you click.

Links can direct you to spoofed web pages or download harmful files on your system. You can hover the cursor over the link before you click on it to ensure that the address matches the link that was typed. You can always check the legitimacy of a message by going directly to the company or organization website or contacting them via phone. Hover over an attachment to verify that the title matches the file type. A document that looks like it has a name “something.pdf” might actually be a file “something.exe.” An .exe extension means the attachment is actually a software program that you execute and is extremely dangerous; it can cause computer infection and data loss.

Step 3: Report and delete.

If you suspect that the email is a phishing message, delete the message from your inbox or forward it to your IT department if it goes to a corporate email.

Return to the homepage.