top of page

Phishing Emails: Practical Tips to Identify Phishing Emails and Scam Instant Messages

Updated: Jun 23, 2022

Phishing emails are well-crafted email scams where cybercriminals impersonate legitimate organizations and other people. They are well-known and common techniques associated with malicious software, including a link or file attachment, identity theft, data theft, and more. Hackers design them to trick people into helping the scammers to collect sensitive data, gain access to accounts, or steal money. These kinds of tricks have extended to instant messages such as SMS, WhatsApp, Messenger, and private messages on social media platforms.


Based on Kaspersky’s research in 2020, about 103 million phishing attacks were launched targeting online stores, global web portals, and banks. Also, more than 51 million malicious email attachments were detected during the third quarter of 2020. Furthermore, according to Federal Trade Commission, over 95,000 people reported about $770 million losses to fraud initiated on social media in 2021. It is important for people to stay alert and to be wary of such attacks since most of them are through the human interface.

Types of Phishing Tactics

  1. Standard email phishing: none-targeted and an attempt to steal confidential information.

  2. Malware phishing: malware or virus attached to downloadable attachments.

  3. Spear phishing: target high profile people i.e., politicians, public figures, business executives.

  4. Smishing: SMS-enabled phishing contains malicious short links to smartphone users.

  5. Vishing: scam calls are made by callers who impersonate legitimate companies to gain confidential information such as personal information, or financial information. The caller is usually very authoritative.

What Makes an Email a Phish?

  1. Call to Action: a scammer needs you to do something like downloadable file, click a link, reply with information, or contact someone.

  2. Emotion or Urgency: often creates a sense of urgency to try to manipulate your emotions such as fear, curiosity, greed, or compassion.

  3. Malicious Intent: designed to cause harm like steal data or deliver malicious software.


1. Check the sender’s email address:

Be suspicious if an email claims to be from an organization that does not typically use a free email service i.e.,,,

2. Exam From field

Easily manipulated to show a false sender name (email spoofing) and can be changed to display your account name (Mike Johnson). This technique gets passed through email filters and be wary when an email is addressed to an undisclosed group (exception mailing list or newsletter).

3. Do Not Trust Calls to Action

Check the subject line for common spam topics, for example, sales, investment opportunities, new treatments, requests for money, etc. protect your mobile devices in case it gets stolen or lost.

4. Analyze the Salutation and Signature

Should be personal and signature provides contact details i.e., name, telephone, and address

email is not addressed to the recipient, for example, "Dear Customer" isn’t an identifier that should at least state your name.

5. Check Grammar

Pay attention to a grammatical error, most phishing emails and IMs contain grammatical and spelling errors since they are often less concerned with it.

6. Avoid clicking on links or file attachments

Avoid clicking on links from suspicious emails or text messages from unknown contacts. Always navigate to the website via a browser bookmark or search engine instead. You can hover over any links in the email to see if they match their supposed destination if using a computer or tablet.


Because of the sophisticated phishing attacks and tricks, be wary if you don’t know the person or organization. If you recognize or know the sender, think about other emails you've received from them before. Ask yourself:

  • Does the tone match?

  • Would this person send an email like this?

  • Does the sender’s identity match the purpose of the email?

Asking yourself if the email comes from an address that you would expect is very important. Remember, legitimate organizations would never request you to send passwords or banking information via email.






19 views0 comments
bottom of page