To help you identify phishing emails, lets look into a few common red flags to keep in mind.
Are you sure that this email from Microsoft is actually from Microsoft? Look again!
Phishing emails will usually fake the display name of the sender on the email, but not the actual email address.
In the above legit-looking email, notice:
1) The email address is not from Microsoft.com or office365.com,(Only the ‘display name’ claims to be Microsoft)
2) There are numerous spelling and grammar errors.
Another tactic to deceive you into believing phishing emails are genuine:
Phishing emails will usually try to induce a sense of urgency & panic to get you to act without thinking twice or taking your time to vet the authenticity of the request.
An example (below) would be: “Your account will be Blocked!” or “Your account expires Today!”
In this screenshot, in addition to its urgent implication, the display name of the sender is “Outlook Team” and the “to” email address looks legit. But these are optical illusions.
Another thing to look out for is incorrect email, link , or grammar and spelling, as you’ll see in the next screenshot:
There are a few giveaways in the above screenshot, besides the grammatical errors.
- @outlook.com is a free personal email domain that everyone can use to create their own email account ending with @outlook.com, (just like @gmail.com).
- Check the spelling of the email address. Outlooo? Teeam? No, thanks.
- “Dear Outlook user”. Microsoft knows your name and they would’ve included it in the email.
3. Before you click on this – OR ANY – link, hover your mouse over it and see where it takes you, does it take you to outlook.com? Nope! For all you know it takes you to a website ending with .in which means it is located in India!
To conclude, keep the following tips in mind:
THEY ALL LOOK REAL – NEVER TRUST AN EMAIL.
Always verify the “From:” email address (not just the display name) Carefully inspect the hyperlink – Hover your mouse on the link to verify its the site you intend to get to. If you didn’t expect it, it’s most often spam If you’re skeptical, trust your gut feeling and NEVER disregard it. Contact the sender or have support confirm whether its authentic or not. Legitimate companies NEVER request your sensitive information via email Legitimate companies have emails with their own domain name (not @gmail.com, or a domain unrelated to the company) Legitimate companies know how to spell Legitimate companies don’t send unsolicited attachments When in doubt, always type the intended website address yourself. Instead of clicking on the link in the Microsoft email, go directly to Microsoft.com from your browser.Still in doubt? Forward the email to our support team and we’ll carefully review it for you. Remember, precautions don’t hurt, better be safe than sorry!