Recognizing phishing mail is an increasingly important part of our digital lives. Indeed, as a society, we are increasingly faced with unwanted messages. Individuals and rogue organizations are after our personal data, with malicious intent.

Phishing

To recognize phishing mail, we first need to know: what is phishing? Briefly described, phishing is a method in which scammers pose as trustworthy senders to steal personal information. The data obtained after accessing systems and accounts is often used for financial gain. Phishing comes in many forms, such as smishing, vishing and whaling. However, the most common form of phishing is through e-mail.

What is phishing e-mail?

Phishing emails are popular among cybercriminals because of their ease of use, low cost and high success rate. Obtaining e-mail addresses is easy, and sending e-mails is virtually free.

These rogue messages are emails that appear to come from trusted organizations, such as a bank or postal company. Usually they ask you to click on a link and then log in. In other cases, they ask for personal information that can be used to commit identity fraud.

Recognizing phishing emails

About 75-90% of all cyber attacks start with an email, and the damage from cybercrime is expected to reach 10.5 trillion USD by 2025. That is not surprising, considering that larger organizations can lose millions when they are unreachable, and can damage their brand and undermine customer trust, if a phishing or spear-phishing attack is successful. Smaller organizations in particular can also suffer huge losses, especially since their security is often not up to the same standards as that of larger organizations.

Phishing email characteristics

To avoid these fatal consequences, awareness is usually the first step to a successful defense strategy. That awareness starts with learning to recognize the characteristics of phishing emails.

Impersonal salutation

When a bank sends its customers a message, you can assume that it will usually be personalized with first name and last name. In the majority of phishing attacks, however, this is not the case. The attackers usually limit themselves to “Dear Sir/Madam,” or “Dear Customer”.

However, you should note that there are more sophisticated forms of phishing such as spear phishing. In this case, the e-mail is fully personalized, perhaps even including data from your social media profiles.

View URL

Are you asked to click on a link? If so, don’t. You can, however, hover your mouse over the link. The actual address you would be directed to then usually appears at the bottom of your screen. Check this address carefully. Usually it does not match the website it claims to be. For example, facebook can be written as faceboook or phasebook. At a glance it looks identical, but unfortunately it is not. Some hackers actively play on this and register these types of domains. This type of fraud is called “typosquatting”.

Our advice is not to click on a link in an email. Instead, surf to the company’s website and log into your account. In your account, you can then perform the actions.

Poor grammar

Furthermore, poor sentence structure, spelling errors and strange formatting are also clear signals of a phishing attempt.

Trustworthy organizations

Scammers often pose as popular applications and software. Consider companies such as WeTransfer and DocuSign. Always contact the sender before clicking on a link. It is also highly recommended to check the sender of the message.

Attachments

Phishing emails often contain malicious attachments or links. Malicious attachments can often be recognized as a .rar or .exe file, although they are not limited to these extensions.

Urgency

Scammers often use social manipulation to take advantage of our human shortcomings. When we need to do something urgently, we tend to make mistakes. A sense of urgency is therefore a way to recognize phishing mail. Contact the person or organization concerned to verify the request.

Phishing mail example

Below is an example of a phishing email. On our phishing examples page we elaborate on the email below and more examples.

FAQ Phishing

What should you do in the event of a phishing email?

Our advice is to delete the email. Additionally, if you see that the email comes from a legitimate company email address, it is best to inform the company in question.

Can you get a virus by opening an email?

No. It is basically safe to open a phishing email. As long as you do not open the attachment and do not click on links, you are not in danger.

Why am I getting so many phishing emails?

It could be that your email address was collected by spammers in a data breach. Alternatively, you may have interacted with a phishing email before, or your email address may be findable on the Internet.