One of the most common online threats, phishing emails are fake emails that appear to be from an authentic source. These emails aim to obtain personal information that will later be used to take advantage of your personal or business accounts. It is important to know what to look for when reviewing a suspicious email. Here are a couple of ways to spot phishing attacks.
The email asks you for personal information.
The most telltale sign of a phishing email is that it requests for your personal information. Information like banking details or login credentials are not typically requested by our organization or external businesses. Do not provide any information until you can confirm that the email is legitimate. One way to confirm is to organization directly using an alternate method, like via phone.
The email and web addresses do not look genuine.
When you receive an email, there are two layers to the "From" field; the display name and the email address. Cyber criminals will leverage names within an organization to trick employees into responding to the phishing attempt. A quick glance at the field will give you a sense that the email is legitimate, however, taking a moment to review the actual email address you may find that the email address looks suspicious - for example; @santarosa.com instead of @santarosa.edu. SRJC IT provides some assistance in identifying emails from outside of our organization by appending "[External]" to the Subject headers.
Malicious links can also be concealed within the body of an email. Before you click on a link, hover over the link to inspect the site that you will be directed to.
There are multiple spelling or grammatical errors.
All too common, phishing emails are easy to spot by the number of spelling and grammatical errors. Emails that come from legitimate companies will have been exhaustively checked for spelling and grammatical errors. If you received an email from a company that is riddled with mistakes, this may be a strong indicator that it is a phishing attempt.
The message requests you to take immediate action.
The email may make references to urgent or immediate action being needed. For example, emails that claim that your account has been compromised and request you to provide your login information. Some may even request that you reply to th email using a personal email account. Take some time to check these emails thoroughly and ask yourself if it is asking something reasonable of you.
It doesn't hurt to be cautious! If you are unsure about an email, SRJC IT has the tools to help. Send a copy of the suspicious email to firstname.lastname@example.org and we will assist you.