How to Spot Phishing Scams


We’ve all gotten plenty of spam emails, but have you heard of ‘phishing’?

I’ll give you a hint: they’re basically the same thing. One important difference, however, is that phishing emails, and even texts, are actively trying to steal your information. The Oxford Dictionary defines phishing as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”

In the last few years, phishing emails have gotten clever and now go beyond just asking for your password or social security number outright. For example, a scammer may send an email that appears to come from within your company, or from an automated Netflix account. You may have even received a spam text telling you that your phone is receiving too many spam messages, and to reply to make them stop! Scammers may tell you that your payment information has been declined and to re-enter it by following a link, or they may pose as a member of your own company, asking you to confirm a password or other personal information. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in 2019.

Luckily for us, there are some pretty easy ways to tell if a message is legitimate. 


  1. Sketchy Sender Information – Does the email look legitimate? Sometimes they may look real, but a word will be spelled wrong, or the sender name will seem legitimate, but the email address includes a collection of random letters and numbers. For example, an apparent email from PayPal with the address is probably a scam.
  2. Grammar Check – If the body of the email is full of spelling and grammar mistakes, it’s a pretty good guess that it may be a phishing attempt. Grammatical mistakes in particular are a big giveaway. When sending out messages, hackers often run their messages through spell check, so they end up with correct spellings, but incorrect usages. For example, a phishing email might sound like this: “We detected something unusual to use an application” or “a malicious user might trying to access”.
  3. Suspicious Links and Attachments – If you notice an unusual attachment or link in an email, it’s probably best not to click it. For example, if the title of the attachment is simply “Attachment” or “Invoice” there’s a good chance it’s a scam. The same goes for links. Sometimes they make it easy to spot, and you’ll be able to see the destination where the link is going to take you. If it’s anywhere other than the expected site, do not follow it! It’s always best to click out of the email, and pull up the real website in a new tab to reset your password, check your payment information, etc.
  4. Must Be Completed Immediately! – If you ever receive an email, especially in a workplace setting, stating that a task must be completed immediately, this should raise a red flag. Hackers can now hide their own email addresses and use one that looks almost identical to the real thing, so always verify with the supposed sender using a different method, like on the phone or in person.
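
For readers who want to automate the sender check (item 1) and the link check (item 3), here is an added Python example that is not part of the original post. The brand-to-domain map, the sample message and every address in it are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message: every name, address and URL below is made up.
SAMPLE = """\
From: "PayPal Support" <service@pp-x81k3.example>
Subject: Your payment was declined
Content-Type: text/html

<p>Re-enter your card at <a href="http://login.example.net/reset">www.paypal.com</a>
or read the <a href="https://www.paypal.com/help">help page</a>.</p>
"""
# Assumed mapping of brand names to the domains they really send from.
KNOWN_BRANDS = {"paypal": "paypal.com", "netflix": "netflix.com"}
# Link text that itself looks like a host name or URL.
HOSTLIKE = re.compile(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/:]\S*)?$")

def host_matches(host, domain):
    return host == domain or host.endswith("." + domain)

def sender_mismatch(msg):
    """Brand named in the From display name whose domain the address is not on."""
    name, addr = parseaddr(msg.get("From", ""))
    host = addr.rpartition("@")[2].lower()
    return next((b for b, d in KNOWN_BRANDS.items()
                 if b in name.lower() and not host_matches(host, d)), None)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def link_mismatches(html):
    """Links whose visible text names one host while the href goes to another."""
    parser = LinkCollector()
    parser.feed(html)
    return [(t, h) for t, h in parser.links if (m := HOSTLIKE.match(t)) and not
            host_matches(urlparse(h).hostname or "", m.group(1).lower().removeprefix("www."))]
```

On the sample, the sender check flags the PayPal display name and the link check flags only the first link, since the "help page" link really does go to paypal.com.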


If you do receive what you believe to be a phishing email, don’t panic! Receiving a phishing or spam email does not mean that hackers already have your information, but they do want it! Always check where the message came from, do not open any unexpected attachments, and always navigate to the website in question from your browser, not via a link. If you receive a suspicious email to your company account, notify your IT department immediately.


Happy Internet Safety Month! Be careful out there!