Phishing emails have unfortunately become increasingly common in our daily lives. Cybercriminals use these emails to trick individuals into providing sensitive information such as passwords, bank account details, and credit card information. If you fall prey to a phishing email, you risk identity theft, financial loss, and malware infections. Therefore, it’s essential to learn how to spot these emails and protect yourself from such attacks. Understanding the red flags below can be the difference between keeping your data safe and falling victim to a phishing scam.

Tips to spot phishing emails

Here are some tips to help you spot phishing emails.

  1. Suspicious sender address. Phishing emails often come from suspicious email addresses that are not related to the supposed sender. Check the sender’s email address carefully to ensure it is legitimate.
  2. Generic greeting. Phishing emails often use generic greetings such as “Dear Customer” or “Dear Sir/Madam.” Legitimate companies usually use your name when addressing you in emails.
  3. Check the context. Check the context of the email to see if it makes sense. If you receive an email from a bank you don’t have an account with, for example, it’s likely a phishing email.
  4. Urgent or threatening language. Phishing emails often include urgent or threatening language to create a sense of urgency. The email may threaten to shut down your account or take legal action if you don’t respond immediately.
  5. Don’t rely on logos and branding. Phishing emails often use logos and branding from legitimate companies to make the email look legitimate. However, these can be easily copied, so don’t rely on them as proof of authenticity.
  6. Poor grammar and spelling. Phishing emails often contain poor grammar and spelling errors. Legitimate companies typically have editors who review their emails before sending them out, so it’s unlikely that they would contain such errors.
  7. Suspicious attachments. Phishing emails often contain suspicious attachments. Don’t download any attachments unless you’re sure they are legitimate.
  8. Hover over links. Hover over any links in the email to see the URL. If it looks suspicious or doesn’t match the supposed sender, don’t click on it.

Steps to take if you receive a phishing email

If you receive a phishing email, here are some steps you should take.

  1. Don’t click on any links or download any attachments.
    Avoid clicking on any links or downloading any attachments in the email. Doing so can infect your computer with malware or lead to identity theft.
  2. Report the email.
    Report the email so the Office of Information Security can investigate it and take appropriate action.

    • Create a new email.
    • Address the new email to
    • Attach (drag and drop) the original email to the new email. This is an important step because if you simply forward the message, critical information is not passed along.
    • Provide a brief description of the email in the Subject field.
    • Send the email.
  3. Delete the suspicious email.
    Delete the suspicious email from your inbox and trash folder. This will help ensure that you don’t accidentally click on any links or attachments in the future.