Spot Phishing Emails Like a Boss

Oh no! You just opened your email and there’s a message from your bank. There’s a problem with your account. Luckily, the bank has provided a link, so you can fix the issue online.

Not falling for it? Good. Because this is a classic phishing (fishing) email.

Scammers use this technique to steal private login details, giving them access to accounts like Apple, Google, Amazon, Netflix, and PayPal – which are often tied to your credit card or bank accounts.

Common Phishing Characteristics

Scammers can make phishing emails look very real, but they often lack attention to detail. Below, I have highlighted the most common tell-tale signs of a classic phishing email.

1. The Important Notice

Screenshot of an email inbox with a fake message from the bank

Scammers use a number of manipulative techniques to get your attention. In this example, the bank (supposedly) has sent me an “Important Notice”. It seems that my “banking functionality has been temporarily limited”.

We all get lots of important emails. But when you see a big bold “Important Notice” you should start to feel a mild tingling of your spidey senses.

2. Bad English

Sample email showing common mistakes made by scammers

Poor grammar, spelling, and punctuation mistakes all point to a phishing scam. In the example above, supposedly from TD Bank, the scammer’s inconsistent spelling of the bank’s trade name is a tip-off; sometimes “TD Bank” – with a space between “TD ” and “Bank” – and sometimes “TDBank” with no space between.

Also, the text in the body of the email is sloppy: uppercase letters for no reason and a double period (..) at the end.

3. Unrelated Sender

Image of email header showing the sender is not who you think they are

In almost every email app – whether it’s in Windows, macOS, iOS, or Android – you can see the email address of the sender. If the sender’s email doesn’t appear to be related in any way to the company they supposedly represent, it’s probably a scam.

This can be tricky, however, because scammers can “spoof” real addresses. So even if the sender looks legit, you’re not necessarily safe.

4. Check the Links

Example of a link in an email that leads to a phishing website

No matter what … DON’T click anything until you are 100% positive that it’s safe. How can you tell? If you’re using a laptop or desktop PC (or Mac) just hover your mouse pointer over a link and the web address will appear. Phishing links will almost always point to a web address that is unrelated to the real one.

Be sure to investigate all the links in the email message, including the infamous “unsubscribe” button.

5. Don’t Unsubscribe

Example of an email with a phishing link disguised as an unsubscribe button

Don’t want annoying spam emails? Of course … just click “unsubscribe” and they’ll never bother you again. Scout’s honour.

In truth, the unsubscribe button is the scammer’s last hope; their final attempt to get you to click something – anything. Don’t fall for it. Best case scenario – you’ll get more spam. Worst case scenario – somebody will be applying for eleven credit cards using your social insurance number.

Saved by Suspicion

The more you look at these phishing emails with a critical eye, the easier they are to spot. Sometimes there’s a dead giveaway – like a misspelled company name – but most often you’ll have to examine the email more closely.

So, what should you do when you discover a phishing email? If you have a strong sense of social justice and lots of time on your hands, you can track down a contact email for the real, legitimate business and inform them that somebody is using their good name to commit fraud. Then you can share a warning on social media. Or … you can just delete it.

Stay safe!