A phishing email is a bogus email that is carefully designed to look like a legitimate request (or attached file) from a site you trust, in an effort to get you to willingly give up your login information to a particular website — or to click and download a virus.
Often these emails look 100-percent legitimate. They show up in the form of a PDF (scanned document) or a UPS or FedEx tracking number, a bank letter or notification, a Facebook alert, etc. That’s what makes them so dangerous. So how can you tell a phishing email from a legitimate one? Here are a few telltale signs.
First, hover over the URL in the email — but do not click! — to see the actual website you’ll be directed to. If there’s a mismatched or suspicious URL, delete the email immediately. In fact, it’s a good practice to just go to the site directly (typing it into your browser) rather than clicking on the link.
Spelling errors and poor grammar are other telltale signs. Another is that the email is asking you to “verify” or “validate” your login or requesting personal information. Why would your bank need you to verify your account number? The bank should already have that information. Finally, if an offer seems too good to be true, it probably is.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.