How to Recognize a Phishing Email

“Phishing” emails try to get you to click a link and enter your username and password. Attackers use this approach to steal your credentials for a bank, a credit card, or an online account. Some phishing emails are more convincing than others, but there are some things to look out for.

I received this phishing email this morning trying to steal my Office 365 logon. Ironically, Office 365 delivered this directly to my Inbox, without flagging it as suspicious. This one is a good example of a not-very-good phishing email:

[Image: Phishing email 1]

And when you hover the mouse over the Confirm Now button (without clicking):

[Image: Phishing email 2]

In summary, when evaluating whether an email is legitimate:

  • Check the From address.
  • Check for proper grammar, spelling, spacing, and punctuation. Microsoft will not ask you to “update within 12hours to avoid being deactivate.”
  • Hover over buttons or links, without clicking, to see where the link would take you.
  • Step back and do a “sanity check.” Is there any possibility that your Office 365 account is out of date? You could always log in to your Office 365 portal directly to check.
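
The From-address and hover checks in the list above can also be scripted for a saved message. The Python below is an added example, not part of the original post; the sample message, its placeholder domains, and the trusted-domain list passed to `evaluate` are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not the email from this post); domains are placeholders.
SAMPLE = """\
From: "Office 365 Team" <support@mail-notice.example>
Content-Type: text/html; charset="utf-8"

<html><body><p>Update within 12hours to avoid being deactivate.</p>
<a href="http://login.verify-portal.example/o365">Confirm Now</a>
<a href="https://portal.office.com/">Office 365 portal</a></body></html>
"""

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_matches(host, trusted):  # True for a trusted domain or one of its subdomains
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def evaluate(raw, trusted):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    if not host_matches(from_domain, trusted):  # "Check the From address"
        findings.append(f"From domain {from_domain} is not in the trusted list")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = LinkCollector()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for text, href in parser.links:  # "Hover over buttons or links"
                host = urlsplit(href).hostname or ""
                if not host_matches(host, trusted):
                    findings.append(f"Link '{text}' goes to {host}")
    return findings
```

A From header can be forged, so a matching From domain does not prove a message is legitimate; the script only surfaces mismatches that deserve a closer look.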

Not all phishing emails are so poorly constructed. Stay alert. If you need help evaluating an email, contact us.
