How to Identify Phishing in Suspicious Emails
Phishing emails are a common type of cyberattack aimed at tricking recipients into revealing sensitive information such as passwords, credit card numbers, or other personal data. These emails often appear to come from trusted companies or individuals but contain hidden threats. Learning how to spot phishing attempts can help protect you from falling victim to these scams.
Key Indicators of a Phishing Email
- Suspicious Sender Address
  - Phishing emails often come from addresses that are designed to look like legitimate sources but contain slight variations. For example, an email claiming to be from DocuSign might come from an address like "support@docusgn.com" instead of the legitimate "support@docusign.com."
  - Always verify the sender’s domain name and ensure it matches the official website.
- Generic Greetings
  - Phishing emails often use impersonal greetings such as "Dear Customer" or "Dear Sir/Madam." A legitimate company usually addresses you by your name, especially if you have an account with them.
- Urgent or Threatening Language
  - Scammers try to create a sense of urgency, pressuring you to act quickly by clicking a link or opening an attachment. Phrases like "Your account will be suspended!" or "Immediate action required!" are red flags.
  - Legitimate companies don’t usually ask you to act immediately under threat of losing your account or services.
- Unusual Attachments
  - Phishing emails might include attachments that claim to be invoices, PDFs, or other files. These attachments often contain malware that can infect your computer.
  - Never open attachments from unknown or suspicious sources, especially if the email also has other signs of phishing.
- Hover Over Links
  - One of the easiest ways to detect a phishing attempt is by hovering your cursor over any links in the email without clicking. The actual URL will display, and if it looks unrelated or suspicious (e.g., "com-onlinebanking.com" when the email claims to be from DocuSign), it’s likely a phishing attempt.
  - Legitimate companies always use official domains, and any discrepancy should be treated with caution.
- Misspellings and Poor Grammar
  - Phishing emails often contain spelling mistakes, grammatical errors, or awkward sentence structures that are not typical of professional communication from legitimate companies.
  - Always take note of poorly written emails, as this can be a sign of phishing.
- Requests for Personal Information
  - Be extremely cautious of emails that ask for sensitive information such as passwords, social security numbers, or credit card details. Legitimate companies will rarely, if ever, request personal information via email.
  - Always navigate directly to the company’s website and log in from there if you're unsure, rather than using links provided in the email.
- Inconsistent Branding
  - Phishing emails often mimic the branding of legitimate companies but may have slight inconsistencies, such as different colors, logos, or formatting.
  - Compare the email with past communication from the company, especially in terms of visual presentation and tone.
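
The sender-address and hover-over-links checks above can also be done mechanically. The following Python sketch is an added example, not part of the original guide: it classifies the From domain and every link target in a message as trusted, lookalike, or unrelated. The `TRUSTED` list, the edit-distance threshold of 2, the last-two-labels approximation of the registrable domain, the single-part HTML body, and the sample message are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"docusign.com"}  # assumption: the domains you actually do business with

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return 'trusted', 'lookalike' or 'unrelated' for a host name."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Assumption: last two labels approximate the registrable domain.
    base = ".".join(domain.split(".")[-2:])
    if any(edit_distance(base, t) <= 2 for t in TRUSTED):  # threshold is an assumption
        return "lookalike"
    return "unrelated"

class LinkCollector(HTMLParser):
    """Collects the real host behind every <a href>, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlparse(href).hostname or "")

def inspect_email(raw):
    """Classify the From domain and all link hosts of a single-part HTML message."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    links = LinkCollector()
    links.feed(msg.get_payload())
    return {"sender": classify(sender_domain),
            "links": {h: classify(h) for h in links.hosts}}

# Constructed sample built from the two example domains mentioned in this guide.
SAMPLE = ("From: DocuSign <support@docusgn.com>\nSubject: Immediate action required!\n\n"
          '<p>Dear Customer, <a href="http://com-onlinebanking.com/sign">Review document</a></p>\n')
print(inspect_email(SAMPLE))
```

A "lookalike" or "unrelated" result is a reason to verify the message through a trusted channel; a "trusted" result only says the domain matched the list, since a From header can be forged.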
Steps to Take if You Receive a Suspicious Email
- Do Not Click Links or Download Attachments
  - If you suspect an email might be phishing, avoid clicking any links or downloading attachments.
- Verify with the Company
  - If the email claims to be from a company you do business with, contact them directly using a trusted method (such as visiting their official website) to confirm the email’s legitimacy.
- Report the Email
  - Many email providers have options to report phishing emails. Reporting helps prevent future attacks for others and may help identify broader phishing campaigns.
- Delete the Email
  - After confirming that the email is phishing, delete it immediately from your inbox and trash folder.
Conclusion
Phishing emails can be difficult to spot, but by paying close attention to the details, such as sender information, URLs, and the content of the message, you can often identify and avoid these attacks. When in doubt, verify the email with the company or organization in question, and always prioritize caution before clicking links or providing any personal information.
Stay vigilant, and protect your personal information from phishing scams by following these guidelines.
If you receive an email you believe to be a phishing attack, please forward it to phishing@inumc.org