選單
中文 (繁體)

How to identify phishing emails

Phishing emails are fraudulent messages designed to trick recipients into revealing personal information such as passwords, credit card numbers, or other sensitive data. These emails often appear to come from legitimate sources, such as banks, online services, or well-known companies, but are actually sent by cybercriminals. In this article, we will explore how to spot phishing emails, share practical tips to avoid becoming a victim, and provide steps to take if you suspect an email is a phishing attempt.

Key characteristics of email phishing

  • Suspicious sender addresses: the sender’s email address may look similar to a legitimate one but often contains slight misspellings or unusual domain names

  • Generic greetings and language: phishing emails often use generic greetings such as "Dear Customer" instead of addressing the recipient by name, and the language may be vague or overly formal

  • Urgent or threatening language: these emails often create a sense of urgency or fear, claiming that immediate action is required to avoid negative consequences, such as account suspension or unauthorized access

  • Suspicious attachments or links: phishing emails may contain attachments that contain malware or links that direct the recipient to fake websites designed to steal personal information

  • Poor grammar and spelling mistakes: many phishing emails contain noticeable grammar and spelling errors, which can be a red flag that the email is not from a legitimate source

  • Inconsistent branding: logos, colors, and other branding elements in phishing emails may not match those of the legitimate company they are trying to impersonate

  • Unusual requests for personal information: legitimate companies rarely ask for sensitive information such as passwords or credit card numbers over email

How to identify a phishing email: 9 ways

  1. It’s sent from a public or free email domain. A significant majority of phishing emails are sent from free mail services. As a rule, employees of legitimate companies do not use free email services for official communications. Authentic emails from banks, technology companies, and other institutions come from the organization's official domain. If the sender's email address isn't completely visible, you can click the “From” name to see the full email address and verify whether it is legitimate or from a suspicious source. For example, if all you see is “amazon@”, check the full email address to make sure it is not a free email domain such as “amazon@gmail.com”.

  2. The “From” name and email domain don’t match. Email providers allow users to customize the name that appears in the "From" field of their emails. While most legitimate users enter their real names, scammers take advantage of this feature to impersonate individuals and organizations. It is important to note that a mismatch between the sender's name and the email address is a strong indicator of a phishing attempt. You can click the name to see the actual sender details, which can help you identify potential scams. For example, you received a suspicious email from your colleague “John Smith”, so you decided to check the “From” section and you found out that the email came from “jack-leo@gmail.com”. It is unlikely that your colleague's email address would have a different name.

  3. The sender has spoofed a company’s domain name. “Spoofing” happens when scammers create deceptive versions of names or domains that closely resemble those of trusted companies to make their messages appear authentic. It's important to verify the domain of any sensitive email and be aware of any security warnings or requests to reset account passwords.

  4. A notification “There’s an issue with your account” or “Suspicious activity detected” (depends on your email provider). Scammers often use technical support and email security scams as common social engineering tactics in emails, text messages, phone calls, and social media direct messages (DMs). They send emails with subject lines that suggest you could lose money or access to your account if you don't act quickly and click the provided link. If you suspect that your account has been compromised, it's best to log in directly to the company's official website or mobile app to verify the authenticity of the alert.

  5. Suspicious links or attachments in the email. Almost all phishing emails contain either a link to a fraudulent website or a phone number to call. Phishing links can take you to a fake login page to steal your username and password, take you to a fake payment screen that captures your financial information, or infect your device with malware such as ransomware, spyware, or other malicious software. Before you click a link, hover over the button or text (or long-press on a mobile device) to check the URL destination. If the link doesn't take you to the website you expected, it's probably an email phishing.

  6. There is a bill you don’t recognize. If you receive a bill for a purchase you don't remember, don't click any links or call the customer service number provided. Check your bank statements directly through your mobile banking app or the bank's official website to confirm that the charge was legitimate. If there is no such charge, this confirms that the bill is indeed a scam.

  7. The blackmail. Scammers may try to intimidate you by claiming to have compromising videos or evidence of wrongdoing and threatening to release it unless you send them money. Scammers distribute millions of these messages, targeting people who may respond impulsively out of guilt. The majority of recipients can safely ignore these emails and block the sender.

  8. They ask to provide personal or sensitive information. Legitimate organizations will not request or verify personal or sensitive information through email (or by clicking links in unsolicited messages). If someone claiming to be from a known organization asks for information via unsecured email, it may be a phishing scam. Never send sensitive information such as credit card numbers, bank account information, or Social Security numbers (SSNs) via email. If such information is requested, contact the organization directly by phone to verify the request.

  9. There are spelling and grammatical errors. Grammar and spelling mistakes (for example, “Respected sir/madame” instead of “Dear [name]” or “Your account has been temporary suspend” instead of “Your account has been temporarily suspended”) are red flags because reputable organizations spend a lot of time and effort reviewing their communications before they go out. It's unlikely that a responsible company would send out an email riddled with spelling and grammatical errors.

What to do if you think an email is phishing

  1. Avoid clicking links or downloading attachments in suspicious emails. While it is generally safe to open a phishing email, clicking links or downloading attachments could expose your device to malware or give hackers access to your personal information.

  2. Check URLs before entering passwords or sensitive information. Instead of clicking links, manually type the full URL into your web browser to make sure you are visiting the correct website and not a spoofed version.

  3. Delete the email and block the sender. Once you've reported the phishing attempt, delete the email from your inbox. Blocking the sender will prevent future phishing emails from the same address.

  4. Scan your device with a reputable anti malware tool. Perform a thorough scan to detect any signs of unauthorized activity or malware on your device. Make sure the antimalware program is from a trusted commercial vendor.

  5. Change your passwords to stronger, more complex ones. Stronger passwords make it harder for scammers to compromise your accounts. A password manager can help generate and securely store unique passwords for each account.

  6. Enable two-factor authentication (2FA) for your accounts. This additional layer of security helps prevent unauthorized access even if your password is compromised.

How to protect yourself from phishing attacks

Scammers are constantly improving their tactics to bypass spam filters and deceive people with fraudulent emails. Modern phishing attempts often mimic real communications to instill fear and lead to mistakes in handling sensitive data security.

There are several things you can do to avoid falling victim to a phishing email:

  • Install anti-virus software to scan email attachments. Use antivirus tools on your devices to scan attachments before opening them. If suspicious attachments are inadvertently opened, the software can alert you and mitigate potential malware threats

  • Update your email provider's spam filters. Adjust settings to improve detection of phishing emails and automatically redirect them to your Junk folder for added security

  • Avoid rushing to respond to suspicious emails. Phishing messages typically create a sense of urgency. If an email makes you feel anxious or uncomfortable, take the time to examine it for signs of fraud.

Final thoughts

Phishing emails are becoming increasingly sophisticated, making them harder to recognize. However, there are still clear indicators that an email is a phishing attempt. This article discusses some of the most common signs of phishing emails to look for. If you're ever unsure about an email you've received, it's better to err on the side of caution and avoid clicking any links or sharing personal information.

喜歡這篇文章嗎?
19,274 19274 使用者評論
極好的!

AdGuard for Windows

Windows 版 AdGuard 不只是廣告封鎖程式,它是集成所有讓您享受最佳網路體驗的主要功能的多用途工具。其可封鎖廣告和危險網站,加速網頁載入速度,並且保護兒童的線上安全。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard for Mac

Mac 版 AdGuard 是一款獨一無二的專為 MacOS 設計的廣告封鎖程式。除了保護使用者免受瀏覽器和應用程式裡惱人廣告的侵擾外,應用程式還能保護使用者免受追蹤、網路釣魚和詐騙。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard for Android

Android 版的 AdGuard 是一個用於安卓裝置的完美解決方案。與其他大多數廣告封鎖器不同,AdGuard 不需要 Root 權限,提供廣泛的應用程式管理選項。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard for iOS

用於 iPhone 和 iPad 的最佳 iOS 廣告封鎖程式。AdGuard 可以清除 Safari 中的各種廣告,保護個人隱私,並加快頁面載入速度。iOS 版 AdGuard 廣告封鎖技術確保最高質量的過濾,並讓使用者同時使用多個過濾器。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard 內容阻擋器

AdGuard 內容阻擋器將消除在支援內容阻擋器技術之行動瀏覽器中的各種各類廣告 — 即 Samsung 網際網路和 Yandex.Browser。雖然比 AdGuard for Android 更受限制,但它是免費的,易於安裝並仍提供高廣告封鎖品質。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard 瀏覽器擴充功能

AdGuard 是有效地封鎖於全部網頁上的所有類型廣告之最快的和最輕量的廣告封鎖擴充功能!為您使用的瀏覽器選擇 AdGuard,然後取得無廣告的、快速的和安全的瀏覽。
19,274 19274 使用者評論
極好的!

AdGuard 助理

AdGuard 桌面應用程式的配套瀏覽器擴充功能。它為瀏覽器提供了自訂的元件阻止的功能,將網站列入允許清單或傳送報告等功能。
19,274 19274 使用者評論
極好的!

AdGuard DNS

AdGuard DNS 是一種不需要安裝任何的應用程式而封鎖網際網路廣告之極簡單的方式。它易於使用,完全地免費,被輕易地於任何的裝置上設置,並向您提供封鎖廣告、計數器、惡意網站和成人內容之最少必要的功能。
19,274 19274 使用者評論
極好的!

AdGuard Home

AdGuard Home 是一款用於封鎖廣告 & 追蹤之全網路範圍的軟體。在您設置它之後,它將涵蓋所有您的家用裝置,且為那您不需要任何的用戶端軟體。由於物聯網和連網裝置的興起,能夠控制您的整個網路變得越來越重要。
19,274 19274 使用者評論
極好的!

AdGuard Pro iOS 版

除了在 Safari 中之優秀的 iOS 廣告封鎖對普通版的用戶為已知的外,AdGuard Pro 提供很多功能。透過提供對自訂的 DNS 設定之存取,該應用程式允許您封鎖廣告、保護您的孩子免於線上成人內容並保護您個人的資料免於盜竊。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard for Safari

自 Apple 開始強迫每位人使用該新的軟體開發套件(SDK)以來,用於 Safari 的廣告封鎖延伸功能處境艱難。AdGuard 延伸功能可以將高優質的廣告封鎖帶回 Safari。
19,274 19274 使用者評論
極好的!

AdGuard Temp Mail

免費的臨時電子郵件地址產生器,保持匿名性並保護個人隱私。您的主收件匣中沒有垃圾郵件!
19,274 19274 使用者評論
極好的!

AdGuard Android TV 版

Android TV 版 AdGuard 是唯一一款能封鎖廣告、保護隱私並充當智慧電視防火墻的應用程式。取得網路威脅警告,使用安全 DNS,並受益於加密流量。有了安全性和零廣告的使用體驗,使用者就可以盡情享受最喜愛的節目了!
已開始下載 AdGuard 點擊箭頭所指示的檔案開始安裝 AdGuard。 選擇"開啟"並點擊"確定",然後等待該檔案被下載。在被打開的視窗中,拖曳 AdGuard 圖像到"應用程式"檔案夾中。感謝您選擇 AdGuard! 選擇"開啟"並點擊"確定",然後等待該檔案被下載。在被打開的視窗中,點擊"安裝"。感謝您選擇 AdGuard!
在行動裝置上安裝 AdGuard