Phishing Emails: How to Spot and Avoid Them Safely

What is a phishing email?

A phishing email is a fake message sent to trick you into clicking a link or downloading an attachment to steal your personal information. These emails are usually sent to many people at once.

Phishing emails use fake links to deceive you. Scammers might use exciting offers, fake threats, or pretend to be someone you know. They want you to click on a link that seems safe but takes you to a harmful website.

The term “phishing” comes from “fishing” because scammers use fake emails as bait to get you to click on malicious links and give away sensitive information like credit card numbers or passwords.

Phishing emails pretend to be from real sources like banks, employers, social media sites, or even friends. These emails often include urgent messages like fake warnings about account problems, amazing offers, or requests for urgent help.

These emails usually have links that lead to fake websites. On these fake sites, you might be tricked into entering your personal details, which the scammers can then steal.

For example, you might get an email that looks like it’s from your bank, asking you to click a link to verify your identity. If you do, you’ll be taken to a fake bank website where you might enter your login details. Instead of protecting your account, you’ve given your information to scammers.

Examples of phishing emails

Phishing emails can look like they come from trusted sources. Here are some common types:

1. Cryptocurrency Scams: An email might say that a large amount of cryptocurrency has been added to your account. It may include details like the amount and a customer ID to make it seem real. The email will have a link to a fake site to trick you into clicking it.
2. Banking Scams: You might get an email saying there’s a problem with your bank account or that you’ve set up a new payee. These emails will urge you to click a link to verify information. Be careful, as these links often lead to fake websites that steal your information.
3. Social Media Phishing: An email might look like a security alert from Facebook, Twitter, or Instagram, warning that your account is at risk. It will ask you to click a link to change your password. If you do, scammers can steal your credentials and take over your account.
4. CEO Phishing: A scammer might send an email pretending to be the CEO of a company, asking an employee to transfer funds to help the CEO. The employee, believing the request is real, transfers the money to the scammer’s account.
5. Package Delivery Failed: An email might claim that a delivery failed and ask you to click a link to reschedule. These emails often pretend to be from courier services like UPS or FedEx. Clicking the link may lead you to a fake website or install malware on your device.
6. Fake Google Docs Login: A phishing email might say someone has shared a Google Docs document with you. The link leads to a fake login page where you enter your details, giving scammers access to your Google account.
7. Congratulations, You Have Won: Emails claiming you’ve won a prize or money are usually scams. Scammers hope you’ll be excited and click on links or attachments that steal your information.
8. You Have Received a Payment: An email might claim you’ve received a payment you weren’t expecting. The link in the email often leads to a fake payment platform where you’re asked to log in or confirm details, allowing scammers to steal your information.

How to spot a phishing email

Look for these signs to identify phishing emails:

• Check the sender’s email address. Scammers often use email addresses that look similar to real ones but have small mistakes, like a misspelled domain name.
• Watch for generic greetings. Phishing emails often use generic terms like “Dear customer” instead of your name.
• Be wary of urgent messages. Scammers create a sense of urgency, threatening to cancel orders or suspend accounts to make you act quickly.
• Look for spelling and grammar errors. Phishing emails often have mistakes in spelling and grammar.
• Be cautious with attachments. Attachments, even in trusted formats like PDFs or Word files, can be risky. Think twice before opening any attachment.
• Beware of offers of gifts or money. Emails promising free gifts or money if you click a link or open an attachment are often scams.

What to do if you receive a phishing email

If you get a phishing email:

• Don’t click any links or open attachments. They could be harmful.
• Don’t reply or engage with the sender. Ignore them.
• Report the email and then delete it. This helps prevent further issues.

How to report a phishing email

Reporting phishing emails helps track down scammers. Here’s how to report them:

• Internationally: Forward phishing emails to the Anti-Phishing Working Group (APWG) at reportphishing@apwg.org.
• In the US: Report phishing attacks to the Federal Trade Commission (FTC) through their website.
• In the UK: Report phishing to the National Cyber Security Centre (NCSC) by forwarding the email to report@phishing.gov.uk.
• In Australia: The Australian Competition and Consumer Commission (ACCC) handles these reports.
• In Europe: Check EUROPOL for the reporting site in your country.

You can also report phishing emails to your email provider. Most have a “Report phishing” option.

How to avoid falling for phishing emails

Phishing attempts are often not very advanced, and you can spot them with some basic precautions:

• Don’t rely only on spam filters. Scammers sometimes find ways around them. Use anti-phishing software for extra protection.
• Double-check offers. Before clicking on links for amazing offers, search for the offer online to see if it’s real.
• Use a low-limit credit card. For online purchases, use a separate credit card to keep your main account safe.
• Use firewalls. Firewalls help block suspicious traffic and protect your device.
• Avoid pop-ups. Many pop-ups are phishing attempts. Tools like NordVPN’s Threat Protection Pro™ can block them.
• Use multi-factor authentication (MFA). MFA adds extra protection, requiring a second verification step to access your account.
• Don’t share personal information. The less personal information you share, the less scammers can use against you.
• Keep your software updated. Updates fix security issues and reduce the risk of phishing attacks and data breaches.

By following these tips, you can better protect yourself from phishing scams.