Phishing attempts work when they gain your trust and make you act emotionally. For example, if an email looks like it comes from your bank, you are likely to recognize it and trust it. If it says you need to take immediate action to avoid penalties, you may be alarmed and act immediately, clicking on any links in the email.
So how do you recognize and avoid phishing emails? When the stakes are high (e.g. when urgency or money is involved), slow down a second and take a closer look with this checklist.
- Does the email contain poor spelling, bad grammar, or awkward phrasing?
- Is the “from” address unrecognizable or weird?
- Does the email promise large sums of money or other unbelievable offers?
- Does the email use threatening language?
- Does the email contain a sense of urgency?
- Does the email have a call-to-action such as clicking a link?
- Does the email contain an unexpected attachment or request for money?
If the answer is yes to any of these questions, then be cautious and follow your organization’s policy for dealing with and reporting suspicious emails.