How to recognize a phishing email
Phishing emails are fraudulent email messages designed to trick you into disclosing personal information like usernames and passwords. These messages appear to come from legitimate sources such as banks, internet service or email providers.
Phishing messages can appear at first to be authentic, with convincing images, logos or other content.
Some tell-tale signs of phishing messages are:
- Bad spelling or grammar.
- Requests to verify an account, or threats to suspend an account.
Beware of links
Never click on a link in a phishing message. Such links will probably take you to a fraudulent log-in page, but may also infect your computer with malicious software.
Example of a phishing email
In this case Microsoft Outlook detected the email as suspicious and flagged a warning.
Tell-tale signs
Phishing emails tend to have generic greetings such as “Dear PayPal member”. Emails from PayPal will always address you by your first and last name.
Inspection of the message source code can reveal more information—in this case, that the ‘PayPal’ image is hosted on ImageShack, a popular online photo sharing service, but one unlikely to be used by a major company.
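The two checks described above (a generic greeting, and images or links hosted away from the claimed sender's domain) can be run against a saved message source. This is an added example, not part of the original page: the sample message, its hostnames and the function name inspect_message are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email shown on this page); hosts are placeholders.
SAMPLE = """\
From: PayPal <service@paypal.com>
Subject: Your account has been limited
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://img.imagehost.example/paypal_logo.gif">
<p>Dear PayPal member,</p>
<p>Please <a href="http://login.phish.example/verify">verify your account</a>.</p>
</body></html>
"""

class _Refs(HTMLParser):
    """Collect (tag, host) for every image source and link target."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        attr = {"img": "src", "a": "href"}.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.refs.append((tag, (urlparse(url).hostname or "").lower()))

def inspect_message(raw, brand_domain):
    """Return warning strings for a raw HTML email claiming to be from brand_domain."""
    msg = message_from_string(raw)
    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
    parser = _Refs()
    parser.feed(html)
    findings = []
    for tag, host in parser.refs:
        # A host counts as the brand's only if it is the domain or a subdomain of it.
        if host != brand_domain and not host.endswith("." + brand_domain):
            kind = "image hosted on" if tag == "img" else "link points to"
            findings.append(f"{kind} {host}")
    if re.search(r"\bDear\s+[\w ]*\b(member|customer|user)\b", html, re.I):
        findings.append("generic greeting")
    return findings
```

Calling inspect_message(SAMPLE, "paypal.com") returns one finding per off-domain image or link plus the greeting warning. The suffix comparison also catches lookalike hosts that merely begin with the brand's domain.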
The Outcome
The website linked to in this email had already been reported as fraudulent and was blocked by Firefox.
Fake PayPal log-in
The fake log-in page looks very convincing because it actually uses content from the real PayPal site.
Real PayPal log-in
More information
- How to recognize phishing email messages (PayPal)
- How to recognize phishing email messages (Microsoft)
- Phishing: Frequently asked questions (Microsoft)
- Messages asking for personal information (Google)
- Stay Smart Online (Australian Government’s internet security website)