Skip to main content

Learn how to identify phishing email characteristics and protect yourself from falling victim to cyber scams.

Understanding Phishing

Phishing is a type of cybercrime where cybercriminals use emails, messages, or websites to deceive individuals into disclosing confidential information. It is important to understand how phishing works in order to protect yourself from falling victim to these scams.

Cybercriminals often create emails that look like they are from legitimate organizations, such as banks, social media platforms, or government agencies. These emails typically include urgent requests for personal information, such as passwords, social security numbers, or credit card details.

By understanding the tactics used by cybercriminals, you can become more aware of the potential dangers and avoid falling for their tricks.

Identifying Red Flags

There are several red flags to look out for when it comes to identifying phishing emails. By recognizing these signs, you can protect yourself from falling victim to these scams.

One common red flag is a generic greeting or salutation. Legitimate organizations usually address individuals by their name, so if you receive an email with a generic greeting like 'Dear customer' or 'Dear sir/madam,' it's a sign that the email may be a phishing attempt.

Another red flag is an urgent request for personal information. Phishing emails often create a sense of urgency, claiming that there is a problem with your account or that your account will be suspended if you don't provide the requested information immediately. Legitimate organizations typically do not ask for personal information via email.

Suspicious attachments or links are also a major red flag. Phishing emails may include attachments that contain malware or links that redirect you to fake websites designed to collect your personal information. Always be cautious when clicking on links or downloading attachments from unfamiliar sources.

Verifying Sender Addresses

Verifying the sender address is an important step in identifying phishing emails. Cybercriminals often create email addresses that look similar to legitimate ones, but with slight variations. By double-checking the sender address, you can ensure that the email is legitimate before clicking on any links or downloading attachments.  Look closely! The varioations used by criminals are subtle. As an example, may be a substitute for Can you spot the difference?

One way to verify the sender address is by hovering over the sender's name or email address. This will reveal the actual email address behind the display name. If the email address looks suspicious or unfamiliar, it is likely a phishing attempt. Legitimate businesses normally do not use free domains such as,, or

It is also important to check for any misspellings or grammatical errors in the sender address. Phishing emails often contain subtle mistakes that can give away their illegitimacy.

Preventing Emailing of Sensitive Information

To protect sensitive information, it is crucial to avoid sharing personal or financial details through email or unfamiliar websites.

Legitimate organizations should not ask you to provide sensitive information via email. If you receive an email asking for personal information, it is best to contact the organization directly through their official website or phone number to verify the request. Remember, an email containing sensitive information may be forwarded anywhere beyond the original recipient. When it is necessary to provide sensitive information, send it via encrypted email or a secure file sharing portal.

When entering personal information on a website, make sure the website is secure. Look for 'https' at the beginning of the URL and a padlock icon in the address bar. These indicate that the website has a valid SSL certificate and that your information will be encrypted.

Reporting Suspicious Emails

If you receive a suspicious email that you believe may be a phishing attempt, it is important to report it to your IT team. Reporting these emails can help protect other employees from falling victim to the same scam.

Most email service providers have a way to report phishing emails. Look for options like 'Report as Phishing' or 'Mark as Spam' in your email client. By reporting the email, you can help the provider identify and take action against the cybercriminals behind the scam. Another means of reporting suspicious emails to law enforcement is through the Internet Computer Crime Center (IC3).

Additionally, you can also report phishing attempts to organizations that the cybercriminals are impersonating. For example, if you receive a phishing email claiming to be from your bank, forward the email to your bank's customer support or fraud department.

By reporting suspicious emails, you play an active role in combating phishing scams and protecting others from falling victim to these cybercrimes.