Phishing is an illegal practice in which someone sends a fraudulent email that may look entirely legitimate by trying to impersonate an entity or person in an attempt to gather specific information, usually personal or financial. If successful, it can result in identity theft or financial loss for the victim.
Generally, the fraudulent email asks for personal information, such as your login credentials, to be submitted to another website that tries to impersonate the legitimate entity, such as a social media page or a financial institution.
Before you provide anyone with any details about yourself, especially sensitive ones, you should always double or triple check if the sender contacting you is legitimate.
There are both perfect and mediocre-looking phishing emails that get sent on a daily basis. Most of the time though, it is quite easy to identify them since they specifically ask for personal or financial information.
There are a few details that can help you protect yourself and identify whether an email might be a phishing attempt.
Check the sender’s address - If the sender claims to be from a big organization and if the domain is misspelled (e.g.: @amzon.com, @paypall.com) or it’s a public domain (e.g.: Gmail, Yahoo, Outlook), it’s likely to be a phishing email as big entities do not have email addresses like these.
Scrutinize the email for any typos - In mediocre-looking phishing emails, there are usually several obvious typos and they are poorly written.
Compare the email with other emails sent by the entity they claim to represent - Verify if the style of the message is different from the others.
The sender asks you to sign in or provide personal or financial information in a specific URL - It is highly unlikely that the legitimate entity will ask you to provide this kind of information in an email out of nowhere.
Verify where the email is sent from - Big entities don’t normally use email marketing providers to send emails as they usually have their own email marketing tool created specifically for them.
Check if the links look suspicious - Phishers often try to disguise their unsafe links by using link shorteners. An email from a legitimate entity would show you the actual link of where you’re going to be redirected.
If you end up clicking the link, check the content of the website and the link in the URL bar - There are phishers that can create legitimate-looking websites that are identical or very similar to the one they are trying to impersonate. If it looks pretty authentic, check the link in the top URL bar of your browser. If you don’t know the legitimate domain of the entity, you can use a search engine (e.g.: Google, Bing) to locate the real website and compare.
If you receive any message that looks like a phishing email, do not click any link on the email and notify us immediately by reporting it.