In this technological age, phishing — a form of hacking used to steal personal information or digital credentials — has become a threat to individuals and businesses alike. Phishing is a technique hackers use to trick you into surrendering sensitive information or allowing access to your computer system.

The anatomy of a phish attack can be conducted in a few forms. In this article we will be looking specifically at email and ways to protect yourself from these types of phishing attempts.

phishing email will look like it is from a trusted source (e.g., your bank, a co-worker, a well-known company). Once you click on the malicious link or attachment, however, you will be prompted to enter confidential information. The link could also download malware onto your device. You could be handing hackers precisely what they need to gain access to important accounts without you ever knowing what happened.

Eight Ways to Spot a Phishing Email

As most phishing emails will have at least one telltale sign, here are a few tips to help you spot a phishing email.

1. Tries to panic the recipient with an urgent call to action or threats

Most phishing emails are written to panic you with urgent action. The goal is to make you feel like this is a time-sensitive action that may cause you to miss out or be punished if you do not act. Examples may include, “We have noticed suspicious activity and you need to change your password,” or “You need to make a payment.”

2. First time or infrequent senders

It is not unusual to receive an email from someone for the first time, but when you get an email from somebody you do not recognize, it’s essential to take a moment to examine the communication extra carefully before you proceed.

3. Uses poor spelling and bad grammar

Online service providers have increased their security game by messaging their customers when unusual activity is detected on their user accounts. Not surprisingly, threat actors are using this to their advantage. Pay close attention to emails from your service providers. Check for poor design, incorrect spelling and bad grammar. Some emails look legitimate enough to click if the recipient is not paying close attention.

4. Email is not personalized or uses a generic greeting

Companies you work with should know your name. Be wary of emails addressed to “Dear Valued Member,” or “Dear Customer,” or those that use a generic salutation like “Good Afternoon” or “Hello.”

5. Uses a different domain than the company’s domain

Phishing scams often attempt to impersonate legitimate organizations. Make sure that the email is sent from a verified domain by checking the ‘sent’ field. If the email is from a Gmail, Yahoo, Hotmail, or other popular email platform, be particularly wary.

6. Contains suspicious links that do not match the domain

If you suspect that an email message is a scam, do not open any links that you see. Instead, hover your mouse over, but do not click, the link to see if the address matches the link typed in the message.

7. Includes unsolicited attachments

Avoid opening email attachments, even from a supposed well-known organization. Most companies will not attach or expect you to download files from their emails. They typically will direct you to their website so that you can download documents safely.

8. Asks for sensitive information

Organizations that do business with you will never request account information, credit card information, social security numbers or passwords by email. Except for passwords, the impersonated organization already has this information.

Beyond email, the internet has become a great resource for information and entertainment, but it can also be an avenue for security breaches or identity theft. You can learn various solutions using our free, interactive resource for keeping your and your family’s digital identity secure.

If you have enjoyed these tips and would like to receive more pieces like this, sign up to receive our various LBMC newsletters through our LBMC subscription center.