Context:

These days phishing has become commonplace and it's critical for everyone to be aware of the email they get and never to assume that anything is what it appears. Whether it be notifications from social media sites like Instagram and LinkedIn or messages that appear to be from your bank and credit card, we need to scrutinize this communication carefully before engaging. It used to be that just clicking on a link wasn't a big deal as long as you didn't provide information. However, these attacks have evolved to the point that even clicking an embedded link in an email can potentially compromise your computer and/or account.

What To Do:

Analyze the source of the email

Does the sender's information look legitimate?

• Does the sender's email address match the company with which they claim to be affiliated?
• The use of easily obtained email addresses (Hotmail, Yahoo) could indicate that the message is a phishing attempt.

Is the subject matter something you normally discuss with the sender?

• Attackers can make it appear that the email is coming from a sender known to you, though the subject will often be unusual.

Do you know the sender?

• Unsolicited emails from an unknown person may be an indicator that the email is malicious.

Analyze the body of the message

Is there a sense of urgency or financial motivation?

• Many phishing emails promise a financial reward with little to no effort or demand payment to avoid immediate consequences.

Is the sender requesting personal information?

• Legitimate companies do not request sensitive information via email

Are there multiple spelling or wording mistakes?

• Many phishing emails originate outside of the US. The sender's primary language may not be English.