Phishing Email Detection Guide
Protect yourself from phishing emails with our essential checklist! Learn to identify suspicious emails and safeguard your personal and organizational information.
November 8, 2024
Phishing Email Checklist
Phishing emails remain the most common workplace cyber threat that most of us face in today's digital world. Knowing how to distinguish a phishing email from a legitimate one is crucial for protecting personal and organizational information, as well as all data used by Blinn. This checklist walks through the key elements to evaluate when deciding whether an email is a phishing attempt. Err on the side of caution and double-check before clicking links or opening attachments.
Note the “From” Address
One of the first things to check is the email's "From" address. Phishing emails sometimes use addresses that mimic legitimate ones but contain slight variations or misspellings. Always verify the sender's email address carefully. Does the address match the sender’s company name exactly?
Beware Hyperlinks
Phishing emails frequently contain hyperlinks that lead to malicious websites. Hover over any links in the email to see the actual URL before clicking. If the URL looks suspicious or does not match the supposed sender's domain, it is likely a phishing attempt. Never click on an emailed link for your financial institutions. Always go to the trusted site directly.
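For mail administrators, the "From" address and hover checks above can be automated. The following is an added example, not part of the original article: the trusted-domain list, the sample message, and all function names are assumptions made for illustration.

```python
import difflib, re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = ["example.edu", "example-bank.com"]  # assumption: domains you expect mail from
SHOWN_URL = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:/\S*)?", re.I)
# Constructed sample message, not a real email.
SAMPLE = """From: Example Bank <alerts@examp1e-bank.com>
Content-Type: text/html

<p>Dear Customer, <a href="http://login.verify-acct.test/x">www.example-bank.com</a></p>
"""

class LinkCollector(HTMLParser):  # gathers [href, visible text]: what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def base_domain(host):
    # Simplification: last two labels; production code should use the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def check_email(raw):
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    findings = []
    close = difflib.get_close_matches(sender, TRUSTED, n=1, cutoff=0.85)
    if close and sender not in TRUSTED:  # near miss of a trusted name, e.g. "1" for "l"
        findings.append(f"From domain {sender} imitates {close[0]}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target = base_domain(urlparse(href).hostname or "")
        shown = SHOWN_URL.fullmatch(text.strip())
        if target and target != sender:
            findings.append(f"link goes to {target}, not the sender's {sender}")
        if target and shown and base_domain(shown.group(1)) != target:
            findings.append(f"link text shows {base_domain(shown.group(1))} but goes to {target}")
    return findings
```

Calling `check_email(SAMPLE)` returns three findings: the lookalike sender domain, a link that leaves the sender's domain, and link text that displays one domain while pointing to another.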
Downplay Alarming Message Topics
Phishing emails often have alarming or demanding subject lines designed to prompt immediate action. Be wary of emails that claim you need to act quickly to avoid negative consequences, such as account suspension or missed payments. Sometimes the emails indicate you ordered an expensive item, or some other action that raises alarm. Always check directly with vendors, without clicking on links in the emails, when verifying.
Cast a Jaded Eye on Urgency Pleas
A common tactic in phishing emails is to create a sense of urgency. This can pressure recipients into making hasty decisions without thoroughly evaluating the email's legitimacy. Always take a moment to think before acting. Do not respond to the email directly. Calling or going to sites directly in your browser instead of clicking links remains the best action. In short, take any alarm or “red alert” that you receive by email with a grain of salt.
Drill Down on Verbiage
Previously, the language used in phishing emails could be a giveaway. Poor grammar, spelling mistakes, and unusual phrasing were red flags because they were often written by foreign actors. With generative AI now being used to write many emails in English, this giveaway may continue fading in significance. Keep an eye out for odd phrasing, though. A non-English speaker may not be able to catch things generated by AI that sound a little out of the ordinary.
Other Indicators
Other signs of phishing emails include unexpected attachments, requests for personal information, and generic greetings like "Dear Customer" instead of your name. If something feels off about an email, it is better to err on the side of caution and verify elsewhere before clicking a link or opening an attachment.
By being aware of these key elements, you can better protect yourself from falling victim to phishing attacks. Always stay vigilant and report any suspicious emails in your Blinn account to Academic Technology. If you find an email that you think might be a scam, or a phishing attempt, or is otherwise suspicious, please forward it as an attachment to [email protected] or call the Help Desk at 979-830-HELP (4357).