8 min read
Sep 11, 2020

How to Spot Phishing Emails—A Brief Guide

Some fraudulent emails are obvious while others are more complicated. Take our test to find out how well you can spot a phishing scam.

Zach CapersSenior Content Analyst

Phishing tactics are constantly evolving and becoming more sophisticated. Modern phishing schemes involve everything from social media messages to vishing (voice phishing) and deep fake technology. But its original form, the humble phishing email, remains a potent cybersecurity threat to your business that must not be overlooked.

What are phishing emails?

Phishing emails are bogus messages intended to manipulate you into clicking a link, downloading an attachment, or providing sensitive data such as network credentials or financial information. These fraudulent emails typically include either a malicious link, a malicious attachment, or both.

Our recent survey found that 82% of small-business leaders are concerned about phishing threats—a full third (34%) said they are very concerned (see our methodology at the bottom of the page).

And while it’s reassuring that most small businesses appear to be taking the phishing threat seriously, 18% of our respondents said they are not concerned about phishing threats. That means about one in five small-business leaders are being complacent about one of the security risks most likely to expose their company to malware infections, ransomware ploys, and data breaches.

Group 3@1x Created with Sketch.

Look out for malicious links and malicious attachments

A malicious link typically takes you to a bogus website to trick you into entering banking credentials or providing confidential information. A malicious attachment infects your system with malware. These are a phisher’s most basic tools—be on the lookout.

Avoid clicking malicious links

Rarely is there a good reason to click a link in an email, whether it’s valid or not. Let’s say you receive an email from your bank asking you to click a link to verify some information. Instead of clicking, type your bank’s web address directly into your browser and check to see if you have any messages. If the link is to something more specific, such as an article, search for it online and navigate to it safely.

Be suspicious of any link in an email, whether in the text of the email or in the sender’s signature. Hover over it to see the URL preview at the bottom of the screen. Does it make sense? Is it pointing to the expected address? Is it suspicious in any way?

Quick takeaway: Think before you click an email link.

Steer clear of malicious attachments

A malicious attachment is any type of document embedded in an email (think a Word doc or PDF)  that includes malware or other means for an attacker to gain access to your network.

Email attachments can be ticking time bombs. You open an attachment and nothing out of the ordinary happens—for now. It may be that you’ve allowed an advanced persistent threat (APT) into your network whereby attackers access your systems and methodically take action over an extended period of time. It’s not until months or even years later that you realize you’ve been breached.

Always be wary of unexpected email attachments and contact the sender via secondary means (phone call, text message) to verify legitimacy if you have any doubts. If your company continually exchanges sensitive data through email attachments, consider using a secure cloud storage platform or virtual data room software instead so you can share documents in a secure, encrypted environment.

Quick takeaway: Consider if an attachment might be entrapment.

Group 3@1x Created with Sketch.

Guard against email spoofing and fear tactics

Email spoofing is one of the most common phishing email tactics. An impostor creates an email that appears to come from a known entity or trusted brand, such as a financial institution. And while today’s spoofed emails don’t typically include glaring grammatical or spelling errors, they often contain multiple inconsistencies and usage errors, sometimes resulting from poor translation or fabricated details.

Spoofed email headers with convincing graphics and logos put you at ease while a misleading domain name makes the scam even more persuasive. A message that pressures you to take action or provokes interest (you’ve won!) completes the scam.

Watch out for bogus domain names

Bogus domain names might be slightly misspelled so you read right past them without noticing. For example, a cybercriminal might register the domain name arnazon.com using the letters r and n to form “rn” in place of the letter “m” so the recipient doesn’t notice the deceptive URL, believing the email came from Amazon.

Cybercriminals also register domain names that are similar to a known entity such as amazonstore.com (which Amazon smartly purchased for just this reason), easily mistyped (yahooo.com), or use an alternate top-level domain such as .app instead of .com.

Quick takeaway: Examine the sender to determine if they’re a pretender.

Don’t give in to pressure

Another goal of a phishing email is keep you off-balance so you don’t think twice before clicking a link, downloading an attachment, or giving out personal information. That's why you can usually spot a phishing email by its pressure to take action or attempt to convince you that you’ve been victimized by some sort of breach or cyberattack—when the attack is right there in front of you.

This tactic is a type of social engineering that preys on your human nature. Don’t fall for it.

Quick takeaway: Always be suspicious of a message that piques your interest.

Group 3@1x Created with Sketch.

Test your ability to spot a phishing email

Now that we’ve reviewed how to spot phishing emails, let’s take a look at a mock phishing test created for this article.

You’ve just received an email from your bank alerting you to a problem with your account. See if you can identify all of the indicators that this is a phishing scam (answers are at the bottom of the page).

Group 3@1x Created with Sketch.

‘Support’ via Security Team <support@capitolone.cardmember.info>

Capital One cardmember alert,

We detected an unusual behavior on your account. A suspicious log in attempt was made from an unrecognized source. Our security team believes your account might be compromised.

Log-in details

Country: Malta

IP Address:

Date: 21/09/2020

 If this was you, please disregard this message. If you do not recognize this activity, please change your password immediately.

Kind regards

CapitalOne security team

Group 3@1x Created with Sketch.

Protect sensitive information to avoid a bad situation

Email is fundamentally vulnerable to phishing due to the interoperability of various email providers. In other words: you can send an email from a Gmail account to a ProtonMail account without an issue. This makes authentication difficult because most email standards—such as Simple Mail Transfer Protocol (SMTP)—were never intended to verify the sender or authenticate email addresses. And while a spam filter and other email security strategies can stop most phishing emails from getting through, they won’t stop them all.

Unfortunately, it only takes one person to compromise an entire company by clicking on a malware-laden attachment or handing over their network login credentials to a cybercriminal. It’s critical that all employees learn how to spot phishing emails.

Remember to:

  • Double-check the sender’s email address

  • Check for grammatical and spelling mistakes

  • Ensure salutations are used correctly

  • Beware of emails that create a sense of urgency or spike your curiosity

  • Hover over URLs in the email body to check where the URL actually takes you

  • Refrain from downloading unexpected email attachments

  • Guard sensitive data and be suspicious of any email that requests personal information

Sophisticated phishing attacks are on the rise. To learn how to protect yourself from advanced attacks such as spear phishing and business email compromise (BEC), read our guide.

Phishing Test Answers and Survey Methodology

Test answers:

  1. The sender’s email address is @capitolone instead of @capitalone.

  2. It is unlikely that a well-known bank would use .info as their top-level domain.

  3. The use of “an unusual behavior” is an error that might result from poor translation.

  4. Hyphenation for the term “log in” is inconsistent.

  5. Maltese IP addresses begin with 2 or a 5. The IP address listed would be based in North Macedonia, indicating poorly fabricated details.

  6. The date is provided in dd/mm/yyyy format instead of mm/dd/yyyy which is standard in the U.S.

  7. The message pressures the recipient to take immediate action.

  8. The comma is missing after kind regards.

  9. Capital One is two words when it first appears and one word when it appears a second time.

  10. The underlying URL for the change password link is a Rick roll, an internet scam nearly as old as phishing itself. Were this an actual phishing email, the link likely would have brought you to a bogus login page where you might have entered your personal details and compromised your bank account.

Survey methodology

The business model survey referenced in this article was conducted by GetApp from June 18 to June 23, 2020 among 577 respondents who reported executive leadership roles at small businesses with 500 or fewer employees.

Back to top