Every day, thousands of people are fooled by phishing emails sent by cyber-criminals. These scams can cost people thousands of dollars and contribute to stolen identities. In previous posts, we wrote about how to avoid phishing scams and how phishing works.  In this post, we get a bit more specific on how to be vigilant against suspicious emails.  Here are 8 tips for spotting a phishing email.

Tip 1: Don’t trust the display name

A favorite phishing tactic among cyber-criminals is to spoof the display name of an email. Fraudulent emails once delivered, appear legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from—if it looks suspicious, don’t open the email.

Tip 2: Look but don’t click

Hover your mouse over any links embedded in the body of the email. If the link address looks strange, don’t click on it.

Tip 3: Check for spelling mistakes

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Tip 4: Analyze the salutation

Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

Tip 5: Don’t give up personal information

Legitimate banks and most other companies will never ask for personal credentials via email.  If an email is asking you to provide credentials or personal information, there’s a good chance that it’s a phishing email.  And by best practice, you should never provide credentials via email.

Tip 6: Beware of urgent or threatening language in the subject line

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim “URGENT!” or your account had an “unauthorized login attempt.”  Most of these are phishing emails.

Tip 7: Review the signature

Lack of details about the sender or how you can contact a company strongly suggests a phishing attempt. Legitimate businesses always provide contact details.  Some smart cyber-criminals will provide contact details, directly you to their fake website or call center.  Use good judgement when reviewing the website and always check the phone number that you’re calling to make sure it’s the actual number of the company.

Tip 8: Don’t believe everything you see

Cyber-criminals are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.