How to Recognize a Phishing Email

You may fall for a phishing email at some point. Hopefully, it will be one of our training messages and not a real scam if it does happen. If you do fall for a training email, take the time to read through the material that explains why that message was a phishing attack. Our phishing simulations aim to inform you of the tactics and tricks used to steal your information and are completely harmless. The training module will prepare you to deal with messages you might receive like this in the future.

Scammers are getting more clever with their attempts to steal your account numbers, passwords, and personal information. The best defense? It isn't a spam filter, antivirus software, or a firewall - it's you! Knowing how to recognize and act on a phishing email can save you the headache and hassle of your personal information being compromised. And in an environment like a school district, it can protect entire systems with thousands of private records from being compromised.

Common Giveaways

Phishing emails will often trick you into acting - either clicking on a link or opening an attachment, and some can even ask you to enter data directly in the message.  

  • Do you recognize the sender? Not just the name, but look at the message details - does the email address in the message details match the sender's name and organization?
  • Does the subject indicate a problem or try to create a sense of urgency?
  • Does the email urge you to click on a link or open an attachment to perform whatever action is being asked?
  • Is their obvious grammatical or speelling errers in the message!

A Deeper Dive

  • Is the message authenticated? Look under the message details to see if the message is both mailed-by and signed-by a legitimate domain like amazon.com or google.com. In many cases, the mailed-by and signed-by domains will be the same, but this isn't always the case. If you see a question mark next to the sender's name, the message has not been authenticated; be careful about responding to or clicking any links in messages like this.
  • Review the URL hiding behind the links. If you hover over a link or button, most browsers will show the URL behind that link at the bottom of the screen. Does the URL at the bottom of your browser match the sender's domain? If you were looking at an email from Amazon but hovering over a link in the email reveals an address like http://www[dot]malware[dot]com, then you probably aren't looking at a message from Amazon.
  • Is the linked URL secure? Many phishing attacks will direct you to insecure websites. How do you tell the difference? The first part of a URL gives you the answer; secure websites that provide an encrypted connection begin with https:// instead of http://. The "s" literally stands for secure - Hypertext Transfer Protocol Secure. Websites that start with https:// aren't necessarily all safe, but if you don't see this in an already questionable email, it's a good indicator that something isn't right.
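
The three checks above can also be run against a raw message. The Python below is an added example, not part of the original article or of any tool it mentions. It assumes the receiving mail server records its SPF ("mailed-by") and DKIM ("signed-by") results in an Authentication-Results header; the sample message and the name deeper_dive are made up for illustration.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every address, domain and header value is made up.
SAMPLE = """\
From: "Shop Support" <support@shop.example>
Authentication-Results: mx.school.example; spf=pass smtp.mailfrom=bulk-mailer.example; dkim=none
Content-Type: text/html

<p>Your account is locked. <a href="http://login.phish.example/verify">Sign in</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag: the URL that hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, domain):
    """True if host is the domain itself or a subdomain (simplified matching)."""
    return host == domain or host.endswith("." + domain)

def deeper_dive(raw):
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    # Check 1: domains that passed SPF ("mailed-by") or DKIM ("signed-by").
    passed = [m.group(1).lower() for m in re.finditer(
        r"(?:spf|dkim)=pass[^;]*?(?:smtp\.mailfrom|header\.d)=(?:[^\s;@]*@)?([\w.-]+)",
        msg.get("Authentication-Results", ""))]
    if not passed:
        findings.append("message is not authenticated")
    elif not any(under(d, sender) for d in passed):
        findings.append(f"authenticated by {', '.join(passed)}, not {sender}")
    # Checks 2 and 3: every link should stay on the sender's domain and use https.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        url = urlparse(href)
        if not under((url.hostname or "").lower(), sender):
            findings.append(f"link goes to {url.hostname}, not {sender}")
        if url.scheme != "https":
            findings.append(f"link is not https: {href}")
    return findings
```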

A Hint for Those Who Made it This Far

If you've made it this far, congratulations! You deserve a little hint to help spot the phishing emails we send out as part of our security awareness campaign. Despite our best efforts to disguise our training emails, there are still specific rules we follow with email authentication - "after all, we're not savages." Remember when we mentioned looking at the mailed-by and signed-by fields in message details? Well, the name of the product we use to run our phishing campaign is SecurityIQ. Notice anything below?

Now What?

You've identified a phishing email and have avoided clicking any link or opening any attachments - excellent! Now, what do you do?
In Gmail, you have two options: delete or report it as phishing. If you're in doubt, there's no harm in deleting the message and moving on. If it happens to be a legitimate email and the sender is trying to contact you, they'll probably make another attempt to get ahold of you. Your other option is to report the message. You can do this by clicking the PhishNotify icon from the Side Panel.

By reporting a phishing email, you not only help Google algorithms learn how to control the minds of huma... err, I mean, recognize phishing attempts, but we also get alerts on active phishing attacks so that we can respond and block them.
