February Cyber Security Newsletter - How to Spot a Phishing Email

CyberSecurity Bulletin

How to spot a Phishing Email.

You receive countless emails all day long. From personal emails to work emails, how do you know which emails are safe and which are not?

by Brianna Vega on February 5, 2019

How can you spot a phishing email?

  • Generic Greeting: for example, “Dear Bank Customer” or “Dear Email User”.
  • Fake Email Address/Fake Web Links: If you hover over the sender’s name, the actual email address shown will not match the name of the sender. If you hover over any URL links in the email, the addresses they point to will not match the information of the sender.
  • A Sense of Urgency Requiring Immediate Action: for example, “Please respond immediately” or “Please reset your password immediately” because your account has been hacked or your password is going to expire.
  • Poor Spelling and Grammar: Phishing emails will have misspellings, incorrect grammar and odd phrasing.
  • Insecure Connections: Always make sure that the website you are entering your information into has a URL beginning with https://. The ‘S’ stands for Secure. If you are entering your information into a website and the URL begins with http://, it is not secure and you should not be entering your personal information into the website. An https:// URL only means the connection is encrypted, so still check that the address matches the sender as described above.
  • Attachments: Never click on an attachment unless you are expecting the attachment from a trusted source. Attachments in a phishing email could be disguised as a meeting invite, a Word document or an Excel spreadsheet. These attachments are used to hide a virus, spyware or malware. Even if you believe you know the sender of the email, always call the sender to confirm the attachment. They too could have opened a phishing email, and now their email account has been compromised and that malware or virus is spreading to all their contacts.
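
For readers who triage reported emails, the first four checks and the http:// check above can be written as a short script. This is an added example, not part of the original newsletter; the KNOWN_SENDERS table, the flag names and the sample message are constructed for illustration, and the spelling and attachment checks are left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: display names mapped to the domain that organization mails from.
KNOWN_SENDERS = {"bank of america": "bankofamerica.com"}
GENERIC = re.compile(r"\bdear\s+(bank\s+customer|email\s+user)\b", re.I)
URGENT = re.compile(r"\bimmediately\b", re.I)
# Simplified link matcher: double-quoted href, visible text up to </a>.
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def same_site(host, domain):
    # True when host is the domain itself or one of its subdomains.
    return host == domain or host.endswith("." + domain)

def phishing_flags(raw):
    """Return the set of checklist indicators found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    flags = set()
    if GENERIC.search(body):
        flags.add("generic_greeting")
    if URGENT.search(body):
        flags.add("urgency")
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and not same_site(sender_domain, expected):
        flags.add("sender_mismatch")      # display name vs. real address
    for href, text in LINK.findall(body):
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if url.scheme == "http":
            flags.add("insecure_link")
        shown = SHOWN_HOST.search(text.lower())
        if shown and not same_site(host, shown.group(0).removeprefix("www.")):
            flags.add("link_mismatch")    # visible link text vs. hover target
    return flags

# Constructed sample message (example.net is a reserved documentation domain).
SAMPLE = """\
From: "Bank of America" <alerts@secure-login.example.net>
Content-Type: text/html

<p>Dear Bank Customer, please reset your password immediately:</p>
<a href="http://secure-login.example.net/reset">www.bankofamerica.com/reset</a>
"""
```

Calling phishing_flags(SAMPLE) returns all five flags. An empty result only means none of these checks fired, not that the message is safe.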

What does a Phishing Email look like?

This is an example of a phishing email sent from “Bank of America”. You can see that the sender’s email address is not a Bank of America email address. That should be your first red flag and the first thing you look for when receiving an email. The email also uses a generic greeting instead of addressing you by your name, and it wants you to sign in at the URL it provides. When you hover over the URL, it is not a Bank of America URL. There are grammatical errors in the email as well.

I will be sending out monthly security newsletters. If you ever have a concern or question on best security practices, please feel free to email me at bvega@shrewsburyma.gov.

Thank you!