Some tips for spotting a phishing email

Ninety-four precent of NordVPN’s National Privacy Test respondents said they would ignore an email request from a bank asking for personal information. Yet statistics show that up to 45% of Internet users keep clicking on dangerous links or providing personal information where they shouldn’t.

The prevalence of phishing scams signals that more sophisticated baits are still very profitable for cyber criminals, according to the folks at NordVPN, a VPN service provider. In another example, Kaspersky reports that Kaspersky Lab products blocked 51 million attempts to open a phishing page in the first quarter (Q1) 2017. 

According to Verizon’s research conducted in 2016, 30% of phishing emails get opened. This suggests that although users may recognize basic malicious emails, more sophisticated phishing attempts often still work.

With two major ransomware attacks that have just circled the globe, and rising email phishing, the question remains: how can email users get better at spotting malicious messages? Following are some tips for spotting a phishing email:

  • Check the sender’s address. Don’t just trust the display name – pay attention to the email address. If the domain looks suspicious, don’t open the email.
  • Look for spelling and grammar mistakes. Serious companies don’t usually send out emails with bad grammar and basic spelling mistakes.
  • Analyze at the greeting. Your bank or another legitimate institution would often address you with your full name. If you see a vague “Dear user” instead, remain vigilant.
  • Don’t click on links – instead, hover your mouse on the button to see the destination link. Check if it looks legitimate and, especially, if it contains the “https” part to indicate a secure connection.
  • When in doubt, contact your bank or other institution over the phone or alternative email address and ask to confirm if the email is legitimate.
  • For additional safety, use a VPN. Using a VPN when browsing can protect you against malware and phishing that targets online access points.