Every day countless phishing emails are sent to unsuspecting victims. While some of these messages are obviously fraudulent, others can be a bit more convincing. 

Be alert for emails that look like they are coming from one of your customers or vendors. If they are asking to change banking information for payments, best practice is to place a phone call to confirm before making a change. In addition, do not click on links that ask you to change a password or log in to an account. It’s best to go directly to the website to change a password rather than using a link randomly sent through email, unless you specifically requested a password reset.

So, how do you tell the difference between a phishing email and a legitimate one? Unfortunately, there is no one single technique that works in every situation, but there are several things that you can look for.

Here are 5 things to be on the lookout for:

1.  Keep a lookout for mismatched URLs.

The first thing we recommend checking in a suspicious email is the integrity of any embedded URLs. Often the URL in a phishing email will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, it’s very likely that the message is fraudulent.

2.  URLs contain a misleading domain name.

People who launch phishing scams often rely on their victims not knowing how the DNS naming structure for domains works. So, how does it work? You need to look at the domain itself. For example, info.o2mobile.com is a child domain of o2mobile.com because o2mobile.com appears at the end of the full domain name (on the right-hand side). Conversely, o2mobile.information.com would clearly not have originated from o2mobile.com because the reference to o2mobile.com is on the left side of the domain name.

3.  The message contains poor spelling and grammar.

Whenever a large company sends out an email, the email is usually reviewed for spelling, grammar, and legality, among other things. Therefore, if a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal or marketing department.

4.  The message appears to be from a government organization.

Any email that is claiming to have come from a government organization, such as the IRS, that promises a rebate or makes threats about a penalty, should sound alarm bells. All government organizations have protocols, and usually, those protocols don’t include sending emails out of the blue offering you refunds or demanding payments.

5.  The offer seems too good to be true.

The saying ‘it’s too good to be true’ holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.


Phishing emails are becoming more and more sophisticated as technology becomes smarter, so the scammers will always be trying new tactics.
