10 Tips to Spot a Phishing Email

Phishing emails come and go all year round, especially during holidays, so it is important to learn how to spot “fishy” emails before you click on them.


Phishing refers to an attempt by someone to obtain sensitive information about a user, usually for malicious reasons. Generally it happens via electronic communication and requires that the user either clicks on a link that redirects them to an unsafe website or enters the sensitive information into a website that seems (or looks) familiar.

Every day countless phishing emails are sent to unsuspecting victims all over the world. While some of these messages are outright stupid and obviously fake, others are a bit more convincing. So how do you tell the difference between a phishing message and a legitimate message? Unfortunately there is no single technique that works in every situation, but there are a number of things you can look for. Below are 10 helpful tips for spotting phishing emails.

1: The Message contains a mismatched URL

One of the first things we recommend you do is check the integrity of the URLs provided within the email. Often the URLs used in phishing emails will appear perfectly valid; however, if you hover your mouse over the link (or URL) you will notice that the actual link address does not match the email or its contents.

Here is an example of what a URL mismatch looks like and how it works. The URL below displays the address of iWits’ Facebook page. If you copy and paste the URL into your browser’s address bar you will be taken to our Facebook page, but if you click on the link you will be taken to our Twitter page. Try it for yourself: www.facebook.com/iWitsDevelopment

2: URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For instance, the domain name images.google.com is a subdomain of google.com; you can easily spot this because google.com appears at the end of the domain name. Conversely, google.com.malicious.com clearly does not originate from google.com, because google.com is on the left side of the domain name and not the right.

This trick is used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Google, Apple or even Facebook. The phishing artist simply creates a subdomain bearing the name Google, Apple or Facebook.

Knowing how the DNS naming structure of a domain works is the ideal way of telling whether a domain name is real or not. For many people, however, this might be a tad too technical, so we recommend using Norton’s Safe Web Search. This handy tool allows you to look up sites to find out if a website is trusted or not.
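The checks from tips 1 and 2 can be automated over the HTML body of an email. The following is an added example, not part of the original article: it compares the address a link displays with the address it actually points to, and flags a trusted name that appears on the left of a host owned by someone else. The function and class names, the trusted list and the sample link are constructed for illustration, and treating the last two labels as the owning domain is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

CONSTRUCTED_SAMPLE = '<a href="http://google.com.malicious.com/login">www.google.com</a>'

def host_of(value):
    """Hostname of a URL or bare 'www.example.com/path'; None for ordinary wording."""
    value = value.strip()
    try:
        host = urlsplit(value if "://" in value else "http://" + value).hostname
    except ValueError:
        return None
    return host if host and "." in host and len(value.split()) == 1 else None

def registrable_domain(host):
    # Assumption: last two labels. Production code needs the Public Suffix List (co.uk, com.na).
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, trusted=("google.com", "facebook.com")):
    """Return (href, reason) findings: tip 1 = mismatch, tip 2 = misleading domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if target is None:
            continue
        owner = registrable_domain(target)
        if shown and registrable_domain(shown) != owner:
            findings.append((href, "tip 1: text shows %s, link goes to %s" % (shown, target)))
        for brand in trusted:
            if "." + brand + "." in "." + target + "." and owner != brand:
                findings.append((href, "tip 2: %s in host, owner is %s" % (brand, owner)))
    return findings
```

Calling check_links(CONSTRUCTED_SAMPLE) returns two findings for the one link, because it both displays a different site and hides google.com on the left of malicious.com.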

3: Poor spelling and grammar

Whenever a large company sends out a message, the message is usually reviewed for spelling and grammar mistakes. When a phishing email is sent out, this is not the case. In many cases phishing emails contain horrible spelling and grammatical errors, which should be a clue.

4: The message asks for personal information

No matter how official an email message may look, it’s always a bad sign if the message asks you for personal information. For instance, your bank may not request that you provide them with personal information via email unless you’ve completed an indemnity form, so if you have not completed such a form with your bank, do not share your personal information via email.

If you receive an email from a company requesting that you disclose your personal information, it would be wise to contact the company and try to speak directly to the person who sent the email. If it was a phishing attack, the chances are that the person is not real or does not work for the company in question.

5: The offer seems too good to be true

There is an old saying: if something seems too good to be true, it most probably is. That holds true for email messages as well. If you receive a message from an unknown person informing you that you have won millions, the chances are that you most probably didn’t.

6: You didn’t initiate the action

If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam. No one has ever won something by doing absolutely nothing, and you will never be an exception to the rule.

7: You’re asked to send money to cover expenses

One tell-tale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message, but sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens you can bet that it’s a scam.

8: The message makes unrealistic threats

Although most phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it’s probably a scam.

For instance, let’s say an official-looking letter was allegedly sent from a bank. Everything in the letter seems completely legit except for one thing. The letter states that your account has been compromised and that if you do not submit a form (which asks for your account number) along with picture ID or whatever, your account will be cancelled and any assets will be seized.

Now please note that no bank or company can simply seize all your assets without any real reason. In such events the company or bank would also send such information by post, by courier service or even through a lawyer. In fact, if you aren’t 100% sure about such threats made to you, we advise seeing a lawyer, as he/she would be able to assist in determining if the letter was real or not.

9: The message appears to be from a government agency

Phishing artists who want to use intimidation don’t always pose as banks; sometimes they’ll send messages claiming to have come from some form of law enforcement, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.

Government agencies don’t normally use email as an initial point of contact. That isn’t to say that law enforcement and other government agencies don’t use email; however, they have strict protocols to follow. They don’t engage in email-based extortion – at least not in our experience.

Also, in Namibia we have no electronic act that links any person or organisation to an email, which is why you still need to get specific documents printed on paper for them to be seen as legal documents.

10: Something doesn’t look right

In casinos, security teams are taught to look for anything that JDLR – just doesn’t look right, as they call it. The idea is that if something looks off, there’s probably a good reason why. The same principle almost always applies to email messages. If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message.
