Spot phishing scams and don't take the bait

Phishing scams profit from your false sense of security. Protect yourself by learning how to look askance at any odd-seeming email.

Can you recognize a phishing scam email when you see one? Do you know what signs to look for to identify a phishing attack, and avoid becoming a victim? In honor of National Cybersecurity Awareness Month, PhishMe has developed an infographic with helpful tips to keep you safe and secure.

PhishMe points out the usual, common-sense things you should do to avoid getting compromised--by either phishing scams or malware exploits. Don't open unknown file attachments or click on links in suspicious emails, and don't enter your credentials on login pages linked from email messages.

Hopefully that goes without saying at this point for emails you receive from unknown sources. It doesn't take a rocket scientist to realize that you aren't expecting a package from UPS, or you haven't actually conducted business that would involve a suspicious email with a cryptic "invoice" attached. Don't let curiosity get the best of you. You can be fairly sure it's not legitimate--and even if it is, you know it's not for you. Just delete the message.

Some messages are crafted better than others, though, and might not stand out as obvious phishing scams. Case in point: I recently received an email from my best friend. The subject was simply "Check this out," and the body consisted of a terse exclamatory statement, and a link to click. It was odd in the first place, because my friend and I don't exchange emails very often. Add in the vague subject line, the urgency of the body text, and the bizarre URL, and the message definitely raised some red flags.

When in doubt, check it out

I reached out to him on Facebook Messenger to confirm whether he had, in fact, sent me an email on purpose, and that it wasn't just spoofed, or his PC hadn't been compromised in some way. It turns out the message was legitimate, and he did actually send it to me, but better safe than sorry for suspicious-looking emails like that.

Other tips on the PhishMe infographic draw attention to elements that are more obscure or subtle than file attachments and suspicious links.

For example, consider the emotion of the message. If you receive an email that isn't a blatantly obvious phishing scam, take a look at the sentiment. Phishing scams rely on greed, curiosity, fear, or a sense of urgency to drive potential victims to action. Does the email dangle a financial reward, or threaten you with negative consequences if you don't act? Emails that drive urgency and try to con you into acting immediately should make you think twice--or three or four times.

Next, double-check where the email came from, and think about the tone and cadence of the message. Some phishing scam emails may seem to be from a source or contact you're familiar with, but what you see can be spoofed and may not match the true source. If the message says it's from "Tony Bradley," but the return email address is "" --or something to that effect--you should ignore the message.
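The sender check described above can be automated. The following is an added example, not part of the original article: it compares the display name in a message against a hypothetical address book and checks whether Reply-To and Return-Path share the From domain. The contact list, addresses and sample messages are all constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> address on file (constructed values).
KNOWN_CONTACTS = {"tony bradley": "tony@example.com"}

def domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()

def sender_flags(raw, contacts=KNOWN_CONTACTS):
    """Return the reasons the sender fields of a raw message look spoofed."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, path_addr = parseaddr(msg.get("Return-Path", ""))
    flags = []
    # A familiar name on an unfamiliar address is the case the article describes.
    expected = contacts.get(name.strip().lower())
    if expected and from_addr.lower() != expected:
        flags.append("display-name-mismatch")
    # Replies or bounces routed to another domain are a second signal.
    if reply_addr and domain(reply_addr) != domain(from_addr):
        flags.append("reply-to-domain-differs")
    if path_addr and domain(path_addr) != domain(from_addr):
        flags.append("return-path-domain-differs")
    return flags

# Constructed sample messages (reserved example domains only).
SPOOFED = (
    'From: "Tony Bradley" <billing@mail.example.net>\n'
    "Reply-To: collect@example.org\n"
    "Return-Path: <bounce@mail.example.net>\n"
    "Subject: Check this out\n\nClick here now!\n"
)
GENUINE = (
    "From: Tony Bradley <tony@example.com>\n"
    "Return-Path: <tony@example.com>\n"
    "Subject: Lunch?\n\nFree on Friday?\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_flags(raw))
```

Legitimate bulk senders often use a different Return-Path domain, so treat a flag as a prompt to verify through another channel rather than as proof of spoofing.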

Finally, look at the message itself. Many phishing scam emails are written in broken English--which should be a clear indication that it's not really from your coworker, or your bank--but in some cases the English might be fine...sort of. If the vocabulary and tone of the message seem odd--perhaps a bit too formal, or ostentatious--it should raise some red flags.

Even if an email message seems to be legitimate, it's better to be safe than sorry. Do what I did: Follow up with the source through a different channel to confirm the message is legitimate. If it's an email from a company, call customer service directly using a phone number you get from the company's legitimate website--don't email or call any sources listed in the email! Or open a new browser window and log into the site on your own terms.
