How To Spot Phishing Emails

Access & Authorization

If you didn't have a video doorbell would you simply open the front door without knowing who’s on the other side? For the same reason, all startups, small businesses and nonprofits should stay up-to-date on the latest phishing and social engineering scam that hackers are using, to ultimately steal from your business.

The bad guys have figured out that people are the weak link and are ramping up the frequency and sophistication of their attacks. However, most phishing emails still rely on recognizable “hooks” that we can all learn to spot, such as:

  • Asking for your login and payment Information. Type the business’ URL into your browser and go to your account directly. Never click the link.
  • An unfamiliar greeting or tone. Look for irregular syntax or tone that’s too formal, too familiar, or a mix of both. Phishing emails are often created offshore so this happens often.
  • Spelling grammar errors. Often times hackers don't take the time to check the spelling and grammar before sending communications. Legitimate businesses take time to proofread their emails before sending them.
  • Wrong email address or a “similar” domain name. A phishing email address or domain will usually be slightly off by one letter or number.
  • Sense of urgency or threat. Scammers often try to scare you into clicking the link with headlines like: “Update your account information now or we will delete you account access!” Type the URL in your browser and go to the site directly if you are in doubt of the email's call to action.
  • Unrequested attachments. If you weren’t expecting an email from this sender, open a new email (don’t respond) and ask if the email and attachment are genuine.

When you receive a phishing email, remember DO NOT CLICK ON IT. Both Google Workspace and Microsoft365 provide protection against advanced phishing, malware, spam, and business email compromise. Let us know if you need assistance looking at the phishing settings in your email system.