The 7 main signs of a phishing scam

Everyone knows that phishing scams are a major concern, but what do they actually look like?

Although many fraudulent messages are easy to spot, some require much more inspection to determine whether they are real or not. So what can you do? Here is a checklist of things to watch out for to protect yourself against phishing.

1. An unusual sender address

Phishing scams often take place via email, so it’s crucial that you are careful about who you communicate with. It is likely that when you receive an email, you do not verify the sender’s address. But it can be a key indicator of a phishing scam. Let’s take an example to understand why.


Suppose you received an email from Postmates claiming that your payment information has expired and you need to update it. While this may seem like harmless enough communication, it’s still crucial that you run a quick scan whenever you’re asked for information, especially if that information is private.

Let’s say in this scenario that the sender’s email address reads “p0stmates”, or maybe “post-mates”. These slight changes to the official business name may indicate a phishing scam. Check the official email addresses used by Postmates, or by any other supposedly trusted party that says it needs your information.

On the other hand, if you received a message on social media from a supposedly official account, check the account itself to see if this is the case. If the account is new, has a low follower count, or is missing a verification tick, consider this a possible red flag.
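The sender-address check described above can be automated. This is an added example, not part of the original article. It flags the “p0stmates” and “post-mates” style of lookalike, and it assumes that postmates.com is the real sending domain and that the altered name appears in the domain part of the address.

```python
from email.utils import parseaddr

# Assumption: brands you expect mail from and their real sending domains.
# "postmates.com" is assumed here only because the article uses Postmates.
KNOWN = {"postmates": "postmates.com"}

# Digit-for-letter swaps commonly seen in lookalike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

def skeleton(text):
    """Lowercase, undo digit swaps, and drop separators so names compare."""
    text = text.lower().translate(SWAPS)
    return "".join(ch for ch in text if ch.isalnum())

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify a From header as known, lookalike, display-name mismatch or unknown."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for real in KNOWN.values():
        if domain == real or domain.endswith("." + real):
            return "known"
    # Simplification: treats the second-to-last label as the name, which is
    # wrong for suffixes such as .co.uk.
    labels = domain.split(".")
    name = skeleton(labels[-2] if len(labels) > 1 else labels[0])
    for brand in KNOWN:
        if edit_distance(name, brand) <= 1:  # same skeleton or one typo away
            return "lookalike"
    # The display name claims the brand but the domain is unrelated.
    if any(brand in skeleton(display) for brand in KNOWN):
        return "display-name mismatch"
    return "unknown"
```

A “known” result only means the domain string matches; it does not prove the message was really sent from that domain.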

2. Several errors in the text

If you receive an email from what claims to be an official body, such as a large retailer or a branch of government, you expect the spelling and grammar of the email to be nothing short of impeccable. While errors can sometimes slip through the cracks even when the sender is legitimate, it’s rare that you receive an email from a trustworthy party littered with errors.

Spelling and grammatical errors can provide very clear signs of a phishing scam. Pay attention to these inconsistencies in any email, text or social media message you receive. You can even use a typing assistant or spell checker like Grammarly to quickly scan an email for errors.

3. “Urgent” messages

If there’s one thing that makes people nervous, it’s urgent requests.

If an email says you have a few months to complete an action, you can postpone it for a while and not worry too much about it. However, if you receive an email stating that you need to take immediate action to avoid the consequences, you are much more likely to comply with it without question. Cybercriminals know this and will therefore inject a sense of urgency into their phishing emails to put pressure on you.

So if you ever receive an email that stresses urgency, don’t panic. It is much safer to first check the email for suspicious signs and then act if you believe the sender is trustworthy.

4. Unusual attachments

Attachments are quite common in emails. Be it an image, document or the like, the attachments themselves are nothing to worry about most of the time. However, malicious attachments are often used by cybercriminals to install malware on your device without your knowledge. It’s always a good idea to check any attachments you receive to make sure they’re safe to open.

The first step here would be to use your antivirus software. Today, many antivirus vendors offer email or attachment scanners, which allow you to determine if a file sent to you is malicious. It can be done in minutes and is absolutely worth the extra steps.

Moreover, you should check whether a given attachment looks suspicious at first sight. The file type of an attachment can be particularly telling. Generally, attachments come in the form of .pdf, .jpg, .csv, .bmp, .doc, and .docx. If you receive an attachment with an .exe, .vbs, .wsf, .cpl or .cmd file type, proceed with caution. These types of files are often used by attackers to infiltrate your device.

However, sometimes these file types can be completely benign, and even seemingly common file types can be malicious, so it’s essential to scan attachments with your anti-virus software before clicking.
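A first-pass attachment screen built on the two file-type lists above, as an added example that is not part of the original article. It goes one step beyond the text by also checking the first bytes of each file, since Windows executables start with “MZ” whatever the filename says. The sample message and its filenames are constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

COMMON = {".pdf", ".jpg", ".csv", ".bmp", ".doc", ".docx"}  # from the article
RISKY = {".exe", ".vbs", ".wsf", ".cpl", ".cmd"}            # from the article

def classify(filename, payload):
    """Return (verdict, reason). Nothing is ever marked safe, only 'scan'."""
    ext = os.path.splitext(filename.strip().rstrip("."))[1].lower()
    if ext in RISKY:
        return ("caution", f"{ext} is an executable or script type")
    # Windows executables begin with the bytes 'MZ' regardless of the name.
    if payload[:2] == b"MZ":
        return ("caution", f"executable content behind a {ext or 'missing'} extension")
    if ext in COMMON:
        return ("scan", f"{ext} is a common type, still scan before opening")
    return ("scan", f"{ext or 'no extension'} is on neither list")

def screen(raw_bytes):
    """Parse a raw email and classify every attachment it carries."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        results.append((name, *classify(name, data)))
    return results

def build_sample():
    """Constructed message with three constructed attachments."""
    msg = EmailMessage()
    msg["From"] = "Billing <billing@example.com>"
    msg["Subject"] = "Your documents"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.exe")
    msg.add_attachment(b"MZ constructed", maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict, reason in screen(build_sample()):
        print(f"{verdict:8} {name}: {reason}")
```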

5. Suspicious links

Malicious links often form the basis of phishing scams. In a typical phishing scam, an attacker will send their target an email with a link that they are advised to click on. The attacker can pretend it is a login page, verification page or similar. These pages often require you to enter information, which is where the scam comes in. Phishing websites track the information you enter, allowing the attacker to use that data to their advantage.

To avoid clicking on malicious links, run a given link through a link checker website. These sites will analyze the link you provide to determine whether or not it is safe to access. If the website deems the link malicious, stay away and block the sender who provided it to you.

6. Sensitive information is requested

On the dark web, your private information can be valuable. Login credentials, payment details, social security numbers, and home addresses are all sought-after types of data that attackers can either sell to other malicious parties or exploit for their own profit. Even your passport or driver’s license can be worth a lot in the illicit dark web markets.

So, if you ever receive an email asking for any kind of sensitive information, pause to do some checking. Check the provided links, attachments, sender address, and other factors before you even consider providing your sensitive information, because once the attacker has it, they can potentially cause a lot of damage.

7. Your email provider flags an email

Many email providers are equipped with an anti-spam feature that detects emails that may be spam. Your email provider will notify you if this is the case, often with a warning bar at the top of the message. If you receive this type of warning on a given email, you may be dealing with a phishing scam, as there is a good chance that the email you received was also sent to hundreds or thousands of other recipients.

Although your email provider’s spam detector may not be accurate 100% of the time, it’s worth taking note of any warnings you receive and then performing further checks to see if the email in question is really malicious.

Phishing is commonplace: stay vigilant

It’s easy to assume you’ll never fall victim to any online scam, but cybercrime is so prevalent that there’s no stopping any given attacker from targeting you next. You’re always better off checking your communications to make sure they’re entirely benign. Phishing emails can be surprisingly convincing these days, so following the steps listed above can help you weed out any potential scams.
