How to Identify Phishing Emails
Oftentimes, clients ask me if a suspicious email they received is legitimate. Typically, they’ll send a screenshot or forward the questionable email. The emails usually look quite authentic, with everything from the company’s logo to the “from” address to the footer of the email looking like it truly is from a reputable company.
But looks can be very deceiving. It’s best to remain cautious and either ask someone for help or do your own recon.
Recently, a client received an email that looked like it was legitimately from GoDaddy. The email asked them to review their email (likely meaning their email account with GoDaddy) and upgrade some security information. It looked so legitimate that even as I write this blog post, I’m noticing things in the email that were dead giveaways, yet I didn’t see them before. That’s how sneaky these little devils can be.
To determine if an email is indeed a phishing attempt, I do two things immediately when asked about these types of emails, both of which take very little technical know-how. I’m sharing them with you so you can easily know what to do the next time one of these annoying emails makes it into your inbox. Be sure to check out the video below for a walk-through of these two steps I take plus a few other ways to identify if an email is a phishing scam.
Research and Inspect the Suspicious Email
The first thing I do when a suspicious email lands in my inbox is copy and paste the subject line of the email into Google to see if anyone else has received a similar email. Thankfully, many people post about these types of emails in forums and blogs, which makes doing this research quick and easy. Additionally, the companies who these bad people are trying to impersonate also post warnings about the phishing attempts.
The next step is to inspect the links in the phishing email. Very Important: Do not click on the text links or button links. That’s exactly what these people want you to do, which is why we want to inspect them vs. click on them.
The links in a phishing email are rarely going to be visible in the email (e.g. www.i-am-a-link.com). Instead, the perpetrators link text, images, or buttons so you can’t see the link. Therefore, you’ll want to find out what’s behind the text, image, or button link to see if it’s a bad link or a legitimate one. For example, if GoDaddy were sending you an email, any link they include in their email should start with www.godaddy.com. If you inspect a link and see that the link is, say, www.x84-hl-web.app, you’ll know it’s a phishing email.
To inspect a link, simply right-click on the object (text, image, or button), copy the link, and paste it into a Word document, Google document, TextEdit file (Mac), Notepad (PC), or any application on your computer where you can type. Once you see the link, you’ll know if it’s spammy, and you can then mark the email as spam and delete it.
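The same link check can be done on the email's HTML source without clicking anything. This is an added example, not part of the original post: it lists each link's visible text beside the host it really points to, and compares the host itself against the expected domain, because a look-alike host can also begin with www.godaddy.com. The sample HTML and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body (not the real email), modelled on the links described in this post.
SAMPLE_HTML = """
<p>Dear Member.</p>
<a href="https://www.x84-hl-web.app/login"><b>Upgrade Now</b></a>
<a href="https://www.godaddy.com.x84-hl-web.app/help">www.godaddy.com/help</a>
<a href="https://www.godaddy.com/help">Help Center</a>
<a>visit our Help Center</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""  # "" when the link goes nowhere
            self._text = []
        elif tag == "img" and self._href is not None:
            self._text.append("[image]")  # linked image or button graphic

    def handle_data(self, data):
        if self._href is not None and data.strip():
            self._text.append(data.strip())

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join(self._text), self._href))
            self._href = None

def host_matches(host, expected):
    """True only if host is the expected domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def inspect_links(html, expected_domain):
    """Return one dict per link: what the reader sees vs. where it really goes."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [{"text": t, "host": urlsplit(h).hostname,
             "suspicious": not host_matches(urlsplit(h).hostname, expected_domain)}
            for t, h in parser.links]

if __name__ == "__main__":
    for row in inspect_links(SAMPLE_HTML, "godaddy.com"):
        print(row)
```

Only the third link is reported as belonging to godaddy.com; the link with no target shows a host of `None`, matching the dead "Help Center" link described later in this post.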
An added step you might want to take is to simply look in your inbox for another legitimate email from the company. Then, you can compare the suspicious email to the one you know is legitimate.
What to Look for in a Phishing Email
To provide some examples of what to look for in a phishing email, I’ll use the recent suspicious GoDaddy email my client sent me as an example. For reference, be sure to check out the image and video below as well.
Let’s start at the top with the subject line: “SERVER UPGRADE: Reviw your email | clientswebsite.com.” You can see that the word “review” is misspelled. Also, there is nothing in the body of the email that mentions a server upgrade, yet the subject line states that that’s what the email is about. Hmmm…I’m not buying it!
Typically, companies you actually do business with will refer to you by name and not “Member” or “Sir/Madam.” Those generic greetings are a clear sign that something is not quite right.
Next, let’s review the body of the email. First, we have an urgent, harsh warning with some words in all caps — “This link is valid for ONE USE ONLY and EXPIRES IN 24 HOURS.” That in and of itself seems fishy…or rather, PHISHY!
In the next section, the spacing and formatting are lacking, and the salutation ends with a period, which is rather odd.
Notice how the subject line uses the word “upgrade,” then the big heading on the email says “update,” then there are a couple more mentions of “update,” and finally, the big button says “Upgrade Now.” Which one is it, GoDaddy impersonator? Are we upgrading or updating?
The three bullets under “Here’s everything else you need to know:” seem pretty legit. The email is actually a real email, but the “Follow this link” URL is bad (which I know because I inspected it). To wrap up the email, there’s a “visit our Help Center” link which actually isn’t even linking to anything.
The footer of the email doesn’t present much concern except for the copyright date. GoDaddy seems like a company that would keep its copyright date current, so the fact that it says “Copyright © 1999-2020” is quite suspicious.
Check out the image below to see the suspicious email in action.
Important Reminders About Phishing Emails
- When in doubt, don’t click on any links.
- If you’re worried about forwarding the suspicious email to someone to inquire about its legitimacy, don’t do it. Instead, take a screenshot of the email and send the image via email or text.
- Your email provider might flag the email as spam or block it entirely if you try to forward it to someone. If you forward it to someone and they reply back to confirm it’s spam, the email provider might block the response email. That happened to me when I responded to my client because Google (my email provider) knew there were malicious links in the email.
- If you want to reach out to the company that may or may not have sent you the suspicious email, do not click on any links in the email to contact the company. Instead, go to the company’s website (or search for the company in Google) and contact them using the information provided on their site or in Google.
Be safe out there, folks! These people cannot wait for you to click on their malicious links. Doing so could result in identity theft or malware being placed on your computer or phone.
Are you concerned about a suspicious email? Contact me here, I’m happy to help.