Example 1: "Amazon" Refund Notification
One of the telltale signs of a phishing scam is poor grammar and spelling. In this example of a fake Amazon message, you'll notice punctuation errors like a run-on sentence and a missing period, as well as odd spacing issues.
Before you click a link in an email, you should hover over the link and make sure it's going to a valid, secure site. In phishing messages, you'll often find links that claim they're going to a site you trust, but, upon further inspection, go to a different site.
Example 2: "IRS" Identity Verification
Phishing emails play up a sense of urgency, and what could be more urgent than a message from the IRS? It's good to go over these high-profile and high-impact messages in detail. Here are the things we spotted in the email message above:
- The sender display name is "irs gov," which sounds right on the surface but may not be accurate. Instead of trusting the display name, mouse over and look at the sender's email address to make sure it matches.
- The actual IRS is not likely to send a message to "Dear Tax Payer." If they're sending you a notice — in this case, for missing information — they're going to send it to you, not a blanket addressee.
- Little typos can be a big giveaway. Often, phishing emails are littered with misspellings, along with errors in grammar or punctuation.
- Never click links that ask you to verify information. In this case, the IRS likely would have given you directions on where to go to update the information, so you can navigate to a secure site on your own.
Example 3: "PayPal" Account Suspension
The target of a phishing email is your personal information — and, often, that means payment and banking information. This message, supposedly from PayPal, is a classic example. There are several clues, however, that this message is not legitimate.
- There are numerous grammar and spelling mistakes.
- The PayPal logo used is not styled like the official logo you'll find on PayPal's website.
- The link to "Update Your Information" seems designed to camouflage its true destination.
Example 4: "Google" Login Screen
Phishing doesn't begin and end with emails. It's important to look at websites with the same scrutiny, particularly if the website has been linked from an email.
The above page spoofs Google's sign-in screen pretty well. The user interface seems familiar, and everything looks legitimate — until you notice the URL. In this case, what's in the browser bar isn't a URL at all. Instead, this "site" is really a computer file.
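It's important to always look at the URL of a site and make sure it looks familiar. Additionally, any page that asks you to log in with a username and password should be a secure site, meaning its address should start with "https://". HTTPS only shows that the connection is encrypted, so treat it as a minimum requirement and not as proof that the site is genuine.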
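The manual checks from the examples above (display name versus the real sender address, link text versus the real destination, and links that are not https) can also be run by a script over a message. The following Python code is an added example, not part of the original article; the sample message, its placeholder domains, the TLD_HINTS heuristic and the single-part HTML assumption are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample (not a real message); every domain in it is a placeholder.
SAMPLE = '''From: "irs gov" <notice@tax-refund.example>
Content-Type: text/html; charset="utf-8"

<a href="http://login.example.net/verify">https://www.irs.gov/account</a>
<a href="data:text/html;base64,AAAA">Sign in</a>
<a href="https://www.irs.gov/help">Help</a>
'''
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")
TLD_HINTS = {"com", "gov", "org", "net"}  # assumption: such a display name claims a domain

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # only keep text that sits inside a link
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(host, claimed):
    host, claimed = (re.sub(r"^www\.", "", h.lower()) for h in (host, claimed))
    return host == claimed or host.endswith("." + claimed)

def audit(raw):  # returns a list of findings for one single-part HTML message
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg["From"])
    claimed = ".".join(name.lower().split())  # "irs gov" -> "irs.gov"
    if claimed.rpartition(".")[2] in TLD_HINTS and not same_site(addr.rpartition("@")[2], claimed):
        findings.append(f"display name {name!r} does not match sender {addr}")
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        url, shown = urlparse(href), DOMAIN_RE.search(text.lower())
        if url.scheme != "https":  # covers http: as well as data: or file: "pages"
            findings.append(f"link {text!r} uses scheme {url.scheme!r}, not https")
        if shown and url.hostname and not same_site(url.hostname, shown.group(1)):
            findings.append(f"link text shows {shown.group(1)} but goes to {url.hostname}")
    return findings
```

Calling audit(SAMPLE) reports the mismatched sender and both suspicious links, and stays silent about the third link, whose text and https destination raise no flag.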