The Web For Business.com Blog

Internet marketing observations, perspectives, tips and tricks for your education and enlightenment.


5 Ways to Identify a Phishing Attempt

Mark Kawabe - Thursday, October 02, 2014

Wondering whether that email's legitimate? Have you heard of phishing?

You've probably received an email purporting to be from your bank, or PayPal, or some other institution asking you to verify your personal information. How can you tell whether this is a legitimate email or not?

Here are a few simple tests.

1. The "Really?" Factor

Do you honestly believe your bank, or American Express, or PayPal, or any other reputable institution uses email as the sole method of contacting you about a security breach?

They don't, so right away, you can pretty much discount anything you receive of this nature. But if you're not sure, keep going. There's more!

2. The "Hover" Test

Often there will be links to a website for you to click on. Hover your mouse cursor over each link. Look for ones that do not go to the website of the institution you're dealing with. If the email is from PayPal, EVERY link should point to Paypal.com in some form or other.

Don't be fooled by an address that says https://paypal.com.securessl-server.ru

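A proper URL to PayPal will have a / after the paypal.com part of the address. In the address above, the site you would actually reach is securessl-server.ru; the paypal.com in front of it is only a subdomain label. Most of the time, some links will be legitimate, but there will always be at least one link (the one they want you to click on) that will take you somewhere you don't want to go.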

3. Check Spelling and Grammar

I recently saw an email that had a subject line as follows:

"Re; Payp[al: Your account has been limited until we hear from you"

The rest of the message had spelling and grammar errors as well. Large companies like PayPal wouldn't send out an email with egregious spelling and grammatical errors. They just don't, so if you see even ONE error, assume it's a phishing attempt.

4. The Correlation Test

If you receive an email from a bank or credit card company talking about online fraud, check out that company's website. The fraud message you received by email should also be on their site. If it's not, the message on your screen is probably phony.

5. The Common Sense Test

If you received an email from a bank you don't even deal with, it's probably a phishing attempt. Banks you don't deal with don't randomly contact you asking you to verify your contact information. My bank hardly contacts me at all. Why would one I don't even deal with start sending me messages now? It doesn't make sense.

Phishing attempts are geared to play upon your fears and ignorance. By reading this, I hope you will be able to spot phishing attempts more easily. Don't click a link in an email unless you're sure it's a legitimate message from a company you currently deal with.