Phishing emails are nothing new. In fact, they’re practically as old as the Internet itself. To define the term as succinctly as possible, a phishing email has the appearance of legitimacy, but is in fact sent by a bad actor with malicious intent. Phishing messages may be designed to breach sensitive data, to compromise your login credentials, or even to infect your network with a sinister virus.

But while phishing isn’t exactly novel, its methodologies grow more sophisticated all the time. Simply put, hackers are getting very clever, and that can make it hard to determine exactly what a phishing email looks like.

In this post, we’ll share a few of the most common red flags, all of which signal the possibility of a malicious email message.

How to Spot Phishing Emails: 6 Red Flags

  1. A sense of urgency. Phishing attacks often try to convey a sense of urgency, prompting you to bypass the rational side of your brain in favor of immediate action. If you get an email that threatens you with some type of adverse consequence or lost opportunity, simply because you don’t act quickly enough, that could be a sign of phishing.
  2. Bad grammar and sloppy spelling. Turns out hackers aren’t known for their attention to detail, as many phishing emails come filled with typos and other grammatical errors. Remember that most legitimate business operations will have built-in spelling and grammar checks, luxuries that the average hacker can’t afford.
  3. Unusual salutations. When you’re emailing back and forth with colleagues, you usually use informal salutations (if you use a salutation at all). So if you start getting messages that start with “Dear…” or a similarly unusual opener, that may be a sign that the email is disreputable.
  4. Dubious domain names. If you ever get an email from (just for example) Google, the email will undoubtedly come from a google.com email address. So if you hover your mouse over the sender and see that the domain is something a little off (even a weird variant of google.com), that’s an obvious red flag. Emails with dubious domain names should always be flagged for phishing.
  5. Suspicious attachments. Your colleagues will likely share important files via Google Docs, Dropbox, or a similar service. If you get an attachment that you aren’t expecting, be very cautious. It could contain a malicious virus.
  6. Requests for sensitive information. Legitimate organizations, including banks and financial institutions, pretty much never request your login credentials or payment information via email. If you start getting such requests, be on guard.
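The sender-domain check from item 4 can also be run automatically against the raw From: header. The following Python sketch is an added example, not part of the original post; the trusted-domain list, the character-swap table and the edit-distance threshold of 2 are assumptions to tune for your own organization.

```python
from email.utils import parseaddr

# Assumption: the domains your organization actually expects mail from.
TRUSTED = ("google.com", "dropbox.com")
# Constructed, non-exhaustive table of visually confusable substitutions.
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def skeleton(s):
    """Collapse confusable characters so 'g00gle' and 'google' compare equal."""
    for a, b in SWAPS:
        s = s.replace(a, b)
    return s

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, reason) for a raw From: header value."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return "suspicious", "no parsable sender domain"
    if "xn--" in domain or any(ord(c) > 127 for c in domain):
        return "suspicious", "punycode or non-ASCII sender domain"
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return "ok", "matches " + good
    labels = skeleton(domain).replace("-", ".").split(".")
    for good in TRUSTED:
        brand = good.split(".")[0]
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "suspicious", "lookalike of " + good
        if brand in labels:
            return "suspicious", "brand '%s' used outside %s" % (brand, good)
    return "unknown", "not a trusted domain; weigh the other red flags"

if __name__ == "__main__":
    # Constructed sample headers.
    for h in ("Google <no-reply@google.com>", "Google Security <alert@g00gle.com>",
              "Google <help@google.com.account-verify.example>"):
        print(h, "->", check_sender(h))
```

An "ok" verdict only says the header names a trusted domain; the From: header itself can be forged, so the other five red flags still apply.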

Be Vigilant About Email Security

Remember that phishing emails will usually appear pretty normal, at least at first. Closer scrutiny may be required to deduce whether there are any major red flags. Use these guidelines to help you identify and avoid aberrant emails. And if you have questions about how to minimize your exposure to phishing attacks, contact the BlueArmor team directly.