Detecting fake emails and phishing

Fake emails

  • View the header info. Pay attention to the email address of a sender. It may imitate a legitimate sender. With only few characters altered or omitted, cybercriminals will often use an email address that closely resembles one from a reputable source.

  • Look closely at the content:

    • Hover your cursor over any links in the body of an email. Links not matching the text that appears raise a red flag. So does the use of URL shortening services. Email clients can be viewed in simple text instead of html, so one never forgets to do this.

    • Poor grammar and sentence structure, misspellings, and inconsistent formatting can be other indicators of a possible phishing attempt.

    • An unsolicited email requesting a user download and open an attachment is a common delivery mechanism for malware, even when it seems to come from a friend, or an employeur.

    • A false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first, completes this picture. Do not.

  • Verify message source.

  • Check the reply email.

  • Reply and wait for the result.


  • Be wary of emails asking for confidential information.

  • Don’t get pressured into providing sensitive information. Phishers like to use all kinds of social engineering. Learn what you can about it.

  • Check a website’s privacy policy, especially whether it will or will not sell its mailing list. If so, do not register.

  • Watch out for generic-looking requests for information.

  • Never submit confidential information via forms embedded within email messages.

  • Never use links in an email to connect to a website unless you are absolutely sure they are authentic.