How to recognize a phishing email

Posted on June 28, 2012 by Geoff

Phishing emails are fraudulent email messages designed to trick you into disclosing personal information like usernames and passwords. These messages appear to come from legitimate sources such as banks, internet service or email providers.

Phishing messages can appear at first to be authentic, with convincing images, logos or other content.

Some tell-tale signs of phishing messages are:

  • Bad spelling or grammar.
  • Requests to verify an account, or threats to suspend an account.

Beware of links

Never click on a link in a phishing message. It will probably take you to a fraudulent log-in page, but may also infect your computer with malicious software.

Example of a phishing email

In this case Microsoft Outlook detected the email as suspicious and flagged a warning.

[Image: phishing email]

Tell-tale signs

[Image: phishing email signs]

‘Phishing’ emails tend to have generic greetings such as “Dear PayPal member”. Emails from PayPal will always address you by your first and last name.

Inspection of the message source code can reveal more information—in this case, that the ‘PayPal’ image is hosted on ImageShack, a popular online photo sharing service, but one unlikely to be used by a major company.
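The tell-tale signs described above (a generic greeting, verify/suspend wording, and images or links hosted away from the sender's domain) can be checked in the message source automatically. This is an added example, not part of the original post; the message is a constructed sample using placeholder .example domains, and the name phishing_signs is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email shown on this page).
SAMPLE = """\
From: PayPal <service@paypal.example>
Subject: Your account will be suspended
Content-Type: text/html; charset="utf-8"

<img src="http://img.imagehost.example/paypal_logo.gif">
<p>Dear PayPal member,</p>
<p>Please verify your account or it will be suspended.</p>
<a href="http://login.unrelated.example/cgi-bin/webscr">Log in to PayPal</a>
"""

class _Urls(HTMLParser):
    """Collect (tag, url) pairs for images and links in the HTML body."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        attr = {"img": "src", "a": "href"}.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.found.append((tag, url))

def phishing_signs(raw):
    """Return a list of tell-tale signs found in a raw email message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    signs = []
    if re.search(r"dear\s+[\w ]*(member|customer|user)\b", body, re.I):
        signs.append("generic greeting")
    if re.search(r"\b(verify|suspend)", body, re.I):
        signs.append("verify/suspend request")
    parser = _Urls()
    parser.feed(body)
    for tag, url in parser.found:
        host = (urlparse(url).hostname or "").lower()
        # Off-domain: host is neither the sender domain nor a subdomain of it.
        if host and host != sender and not host.endswith("." + sender):
            signs.append(f"{tag} on {host}")
    return signs
```

Legitimate senders also use third-party hosts and mailing services, so an off-domain image or link is a reason to look closer rather than proof of fraud.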

The Outcome

The website linked to in this email had already been reported as fraudulent and was blocked by Firefox.

[Image: Firefox web forgery alert]

Fake PayPal log-in

The fake log-in page looks very convincing because it actually uses content from the real PayPal site.

[Image: Fake PayPal log-in]

Real PayPal log-in

[Image: Real PayPal log-in]
