How to Know if an Email is Phishing

Most emails that arrive in your Inbox are probably the real deal. Either companies whose newsletter you've singed up for or friends, family, and colleagues communicating.

One day you get an email that seems fine on the surface, but something about it makes you pause. You have the feeling that it doesn't seem right and you aren't sure if you're overreacting.

Don't feel bad about these situations. Many people have these moments. If you have them it means you are being aware and cautious, which is important in differentiating the good from the bad in modern communication.

Some emails are obviously a scam. They want you to click on a link for an account you never opened, for example. Other email are more difficult to differentiate from the real thing. An email comes in saying its from your bank and there is a problem with your account. They need to verify your information or risk the account being locked. You feel the urge to click the link and provide your name, address, and social security number in order to protect your livelihood. In reality, such an email is 99% of the time a phishing scam meant to steal your identity.

You have likely received emails from your bank or the government in the last couple years warning you about scams and phishing emails, and being careful. When you receive these emails, like this article, read them all the way through to bolster your awareness. There's no need to live in worry - just educate yourself and keep an eye out for anything unusual.

Clarification on spam vs phishing: Traditionally, unsolicited emails trying to sell you a legitimate product or service is called spam. An email that is trying to get you to take an action that would result in your being the victim of a crime is called phishing. Spam emails used to be the hot-button target for people and institutions because of how distracting and annoying they were. Nowadays, spam has taken a backseat to the massive amount of phishing attempts being made.

Added note: It goes way beyond email - people are targeted via SMS text message, Facebook Messenger, WhatsApp, Instagram, and telephone calls.

A common question people ask is:

How do I know if an email is a phishing email or a real email? We will try and answer that here.

Generally, by looking at an email you can detect if it's spam or not without clicking on any attachments or links. Here are some things to look out for:

The text reads wrong -

  • Your name is typed in an unusual way or in a way that differs how you know it’s written on your account.
  • Asking you to verify an account that has already been verified and used.
  • If the sender is from the US, or a company in the US, and certain words are written in British format (examples: centre instead of center, colour instead of color, cheque instead of check, programme instead of program).
  • Sections in all caps asking you to take action.
  • If the sender if form the US, a closing line before signature reading 'Thank you kindly', 'Warm regards', or 'Cheers' (sayings more common outside the United States)
  • The name in the signature line ending with a period like it’s a sentence when it’s a name.


The link - 

Spam emails often contain a link or link button that is surrounded by text that subtly or directly asks you to take action to click on it. A button or “Click Here” is a simply shield for the malicious link that is its destination. A cleverer trick has been shielding a malicious link with a legitimate reading one. But what you read on the surface is not the same as the destination. For example, there may be a link that reads bankofamerica.com, but the actual destination in the hidden code is the spammer’s website that contains a virus or a fake Bank of America website that the spammer setup to steal your login information. There is an easy way to see the destination of a link without clicking on it: simply hover your mouse pointer over the link without clicking and it will show in a little information pop-up.

The part to look at in the destination link is the domain (the blahblah.com or somethingsomething.net). If the domain isn’t the same as the real website, then it’s spam. How to know what is real? Google it.

Ask the sender if they sent it - 

Ask the sender in a way that isn’t email. If a friend, family member or colleague – call or text them. If the bank, visit the website through a Google search (not the website from the email) and start a chat, submit a website request form, or call them. This is the most secure way to find out if in doubt.

Closing -

By educating ourselves and each other about spam we can be better protected. Above credit monitoring, virus protection software, spam filters, firewalls, and other technologies and services that are meant to keep us digitally safe – there is us. Individual awareness is the best deterrent.

Seeking ClarITy

  • Are you considering making changes with your business’ IT systems?
  • Are slowdowns with your IT systems causing lost business or productivity?
  • Do you want to better utilize technology for your business and personal life?

If “yes” popped in your head at any point in this list, you’ve come to the right IT company.

Contact Clarity

Call us at (916) 913-9951 or email us using the form below.