How to Spot a Phishing Email

Not sure if the email you have is legitimate? Look for these warning signs often found in a phishing attempt:

1. Wrong email address. The person that sent the email has the same name as someone at CSUMB, but the email address does not end in csumb.edu.
2. Different website address. The URL shown on the email and the URL that displays when you hover over the link are different from one another.
3. The website is not secure. If you do go ahead and click on the link of an email to fill out personal information, be sure you see the “https” abbreviation as well as the lock symbol at the beginning of the URL. If not, that means any data you submit is vulnerable to cyber criminals.
4. Asks for personal information. The email, text, or voicemail is requesting that you update/fill in personal information. This is especially dubious if it’s coming from a bank or the IRS. Treat any communication asking for your credentials with extra caution. Instead call the institution trying to contact you directly.
5. The formatting and design are different from what you usually receive from an organization. Maybe the logo looks pixelated or the buttons are different colors. Or possibly there are weird paragraph breaks or extra spaces between words. If the email appears sloppy, be suspicious.
6. The content is badly written. Are there obvious grammar errors? Is there awkward sentence structure, like perhaps it was written by a computer program or someone whose second language is English? Always take a closer look and if you're unsure, contact the person or agency the email is from using the number listed on their website- do not use contact information from the questionable email.
7. It sounds desperate. A phishing email almost always sounds desperate. Whether they’re claiming that your account will be closed, an urgent request is needed, or your account has been compromised, think twice before double-clicking that link or downloading that attachment.
8. Attachments from unknown sources that you were not expecting. Don’t open them, plain and simple. They might contain malware that could infect your system.

More resources

• Tech Tip Tuesday Episode 9: Spear-phishing using a real life example from CSUMB
• Tech Tip Tuesday Episode 26: Phishing and other scams
• Tech Tip Tuesday Episode 58: Red flags for phishing and malware
• Knowledge Base: How to Report A Phish Email
• Knowledge Base: You’ve been phished, What to do next. 
• FTC: How to Recognize and Avoid Phishing Scams