Learn to Phish – 10 Minutes

These are the most common indicators that you might be looking at a phishing or scam email. Even an email from someone you know may be a phishing email if they fell for it first.  Below are some Phishing email examples.

  1. S.A.L.U.T.E. Your Emails
    • Sender – Check who sent the email, the name and email address. A single letter off could be the difference between a real and phishing email.  See some examples here.
    • Attachment – Some attachments like PDF’s and Word(.doc) documents can run code when opened so you should only open attachments from trusted sources.  See some examples here.
    • Links – When on a desktop computer hover your mouse over a link before clicking. Which one of these links is legitimate? Google, Google, or Google?
    • Urgency – Using urgency can be an indicator of a scam or malicious email too. That unexpected, urgent invoice or shipping notification may not be real.  See some examples here.
    • Too Good to be True – A free iPad or 90% discount is probably not real, check to be sure it is not a scam.  See some examples here.
    • Errors – Multiple misspellings or grammatical errors could indicate a scam or phishing email.  Test your skills using the Phishing IQ Test.
  2. Use a Secure Email Provider
    • Gmail – Free(as in money) and easy to use with great warnings about phishing emails.  Unfortunately Google does your information and emails to target you with ads so you do pay one way or another.
    • ProtonMail – Free plan or $4/month for additional security features.  Good email for the privacy minded, but lacks the phishing protection seen with Gmail.
    • Yahoo – Yahoo, although popular, cannot be recommended after all 3 billion accounts were hacked.
  3. When in Doubt, Check it Out
    • Important Note: documents or links with potentially sensitive information(i.e. banking, personal, or health information) should not be checked with these public tools.
    • VirusTotal – Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.
    • Hybrid Analysis – Free malware analysis service for files.
    • Google Safe Browsing – Check URL’s for malicious content.
    • Find Additional Tools…
  4. Secure the Device