How to identify phishing emails

Phishing is a type of online scam where hackers impersonate legitimate organizations via email, text message, advertisement, or other means in order to steal sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.

You should not at all times click any links in unknown emails.

Phishing emails often tell a story to trick you into clicking on a link or opening an attachment.

They may:

say they’ve noticed some suspicious activity or log-in attempts
claim there’s a problem with your account or your payment information
say you must confirm some personal information
include a fake invoice
want you to click on a link to make a payment
say you’re eligible to register for a government refund
offer a coupon for free stuff and etc.
sometimes they look exactly like an email from a legitimate company

Here is a typical phishing email and some red flags from it:

- This email is not addressed to the recipient. If you were truly being notified by FedEx, they would know your name.

- If you would order something from FedEx - it would include more information about the order and shipping.

Another red flag - when you hover (DON'T CLICK, just hover) your mouse over any link on this email see that the website is actually kb4.io/XSzFJdmJqZEJNV... This site link does not look like the FedEx website:

However, the URL is revealed by hovering over an embedded link can also be changed by using JavaScript, so it's not always helpful.

- "FedEx" would not use @aischool.org email, and even if it uses an address like @fedex.com - it could be spoofed(faked).

- In this case, the email is spoofed to look like it came from @aischool.org email, but in fact, it did not come from the @aischool.org email (Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.)

You can check that sometimes by hovering your mouse over the email address of the sender, or in Gmail, you can click 3 dots next to the email and choose Show original option.

As you can see, the email is not from @aischool.org domain, and the real email address that has been used to send it looks nothing like @aischool.org email:

To prevent from being phished, it's best to follow this simple rule:

Don’t click. Use your own link.

If you use a product or service and a company apparently sending you an email message, don’t click any links in their email.

Instead, navigate to their website via a browser bookmark, type their address yourself to the browser or search via a search engine.

If the email is legitimate, you will see the same information when you log into your account on the company site.

This is the ONLY way to guarantee you land on a legitimate site.

Last updated on Jan 30, 2023, by Andrei Zorin