photo: weerapatkiatdumrong/iStock

How to Spot a Phishing Email

By David Little

Few of us are on high alert when checking our email. Like brushing your teeth or making a pot of coffee, scrolling through your inbox is a routine task that doesn’t get much thought. Well, that’s exactly what online con artists bank on when they send phishing email.

What is phishing? It’s when a scammer sends an email under the guise of a trusted company or person, in the hopes of collecting personal information for money or other malicious reasons.

As we rely more and more on email and other online communications, cyber thieves have invented sneakier and more sophisticated methods to trick us. But there are ways to stay vigilant. Put on your detective cap and watch for these clues to spot phony emails—and send them straight to the trash.

IS THE EMAIL ADDRESS MISMATCHED FROM THE MESSAGE?
Get in the habit of comparing the content of suspicious emails with the sender’s email address. If a message is telling you to renew your Netflix subscription but it’s from jane321netflix@gmail.com, don’t click that link. Most companies send emails from addresses that match their websites.

ARE THE URLs LEGIT?
Hover over embedded links to check their destination. If the URL of the web page is indecipherable or has nothing to do with the where it claims to go, stop and check the rest of the message with a critical eye. Keep in mind that especially sly scammers might also try to fool you with a URL that is one or two characters different from the real thing.

MORE TO READ
Three things you should never share online, and what you need to do to create a secure password

IS THE MESSAGE POORLY WRITTEN?
Everyone makes mistakes, including con artists. So when an official-looking message from Canada Revenue Agency contains spelling mistakes, grammar issues or other errors, chances are it’s a sloppy scammer who skipped English class. Take a moment to read the message aloud. If it sounds bad, it’s probably fake.

DID YOU INITIATE THE ACTION?
“Congratulations! You’ve won a Caribbean cruise!” Trouble is, you don’t remember entering any travel contests. Use the adage, if it’s too good to be true, it probably is.

ARE YOU BEING ASKED TO PROVIDE PERSONAL INFORMATION?
Being asked to fill in personal details online isn’t unusual. But before you start typing in your mother’s maiden name, consider the context—and the request. Did you initiate the action? Why would a “customer service representative” need your Social Insurance Number? Or your email password? They don’t.

MORE TO READ
What to do if identity fraud happens to you

ARE YOU BEING THREATENED OR PRESSURED TO RESPOND QUICKLY?
This is a common tactic for bogus sellers on sites like Kijiji. They might ask you to e-transfer money for a downpayment on a car to “guarantee the sale.” Never give your banking details to someone via email.

IS THE SENDER BEHAVING ODDLY?
Scammers often try to impersonate a trusted friend, coworker or business contact. If the content of the message reads strangely and they’re asking you to log in with your Apple, Google or Microsoft account to a website you’re not familiar with, stop right there. Instead, contact them directly to confirm the request.