Check the email address, not display name
A common technique used in phishing or to spoof real email is display name imitation. A malicious sender will create or modify their account so the display name shows as someone recognizable. This is often used to imitate a company executive or financial controller, obtained by social engineering a company website, LinkedIn page or otherwise. A quick scan of the sender’s email address will reveal if this is the case.
Review links before you follow them
With most email clients, web-based or otherwise, you can hover your cursor over links in an email to see where it goes. If the address looks unusually long or isn’t recognized don’t click on it. Very few banks or other secure systems will ever contact you via email with a link provided for sign-on.
Watch out for poor grammar
Most organizations take the time to present themselves in a professional manner. Many illegitimate messages, especially phishing scams come from different countries where the spelling and grammar isn’t quite right when translated to English. This is a good indication that the message should undergo further scrutiny before considering action on it.
Beware of generic greetings
If you receive a message that addresses you by your job title or a generic salutation like “Dear Customer”, beware. Messages such as this could indicate that the sender does not know who you are and are just phishing for personal information about you.
Use caution with messages that call for action
Many phishing emails will prey on users with messages that suggest their services will be disrupted. It is common to see phishing messages stating ‘mailbox out of storage’ or ‘your account has been suspended’. The goal of such messages is to bring you to a fake website that looks like something you may regularly sign into, such as a bank or webmail. Never use links from within an email if they are suspicious. Instead type the address of the website you’re looking for manually to ensure you end up on the correct website.
Be careful with unexpected attachments
It is increasingly common to see messages that impersonate shipping companies, cloud service providers, etc. Such emails will advise that a package is waiting for the user or they need to pay an invoice to maintain service. These messages will contain a ZIP attachment, or a PDF with links inside it that ultimately lead to a virus or ransomware. Use discretion with messages like these. If you aren’t expecting a delivery, or you don’t have services with the ‘sender’ the message should be deleted.