What is a phishing email?
This is a tactic in which hackers send emails designed to look as if they come from people you know, organizations, agencies, or governments, in order to trick you into providing personal information. They may also lure you into clicking a link or opening a file that steals personal information or spreads malware to extract sensitive data from an organization’s computer system.
No matter how cautious you are, identifying and detecting phishing emails is quite challenging. However, based on numerous reports and collected documents, we will highlight points to help you identify phishing emails more easily.
1. Legitimate companies will not send emails asking for sensitive information
One of the most common signs of a fake email is a request for sensitive personal information, such as passwords, bank card numbers, tax codes, or filling out personal information forms.
If you receive an unexpected email from an organization asking you to open a link or download an attached file and provide sensitive information, even though you have had no prior contact with them, there is a 99% chance it is a phishing email.
Organizations will not request most information of this kind (passwords, credit cards, tax codes, etc.) through links that require you to log in. They understand the danger posed by scammers and will never send links asking you to log in.
2. Legitimate companies address you by name, not generically

For confidential information, legitimate companies usually send emails to specific individuals, certainly addressing you by name and possibly providing instructions for you to contact them via phone for safety.
Phishing emails, on the other hand, target a broad audience and are sent to many people, so they cannot address you by a specific name. Phishing emails often use generic greetings like “Dear Customer” or “Account Holder.”
However, some sophisticated hackers can deceive users with promotional emails offering attractive deals, luring users to click links and provide the information they want. So, how can we detect this in such cases?
Advice: Check if the email clearly states your name and accurate contact information. If not, be suspicious and verify the source.
3. Legitimate companies have clear email domain names
Legitimate companies typically register a specific domain for their company emails. For example, Vnetwork would use: @vnetwork.vn for company emails. Scammers, when sending emails, often alter the domain to deceive recipients.
For example, while tuyendung@vnetwork.vn is legitimate, scammers might use tuyendung@vnetvvork.vn or tuyendung@vnetwork1.vn. If you only glance at the name (tuyendung) without noticing the characters after the @, you may fall into the trap.
However, there are exceptions where legitimate companies use subdomains for services like support or customer care. Therefore, identifying fake emails by closely examining the sender’s email domain is not always the most effective way to avoid phishing emails.
Advice: Carefully check the sender’s email address. If in doubt, contact the company directly through their official website or verified phone number.
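As an added illustration (not code from the original article), the Python sketch below checks the domain in a From header against a trusted list, accepts subdomains, and flags near-misses such as the two look-alike addresses above. The trusted list, the confusable-character table, the distance threshold and the sample headers are assumptions chosen for this example.

```python
from email.utils import parseaddr

TRUSTED = {"vnetwork.vn"}  # the article's example domain; replace with your own list
# Character swaps often seen in look-alike domains (illustrative, not exhaustive).
CONFUSABLES = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"))

def sender_domain(from_header):
    """Domain of the actual address in a From header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def skeleton(domain):
    """Fold confusable sequences so 'vnetvvork' compares as 'vnetwork'."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header, max_distance=2):
    """Return 'trusted', 'lookalike', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Exact match, or a subdomain of a trusted domain (the exception noted above).
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Close to a trusted domain without being one: the warning sign.
    if any(edit_distance(skeleton(domain), skeleton(t)) <= max_distance for t in TRUSTED):
        return "lookalike"
    return "unknown"

# Constructed From headers; the two look-alike addresses are the article's examples.
SAMPLES = [
    "tuyendung@vnetwork.vn", "Support <help@mail.vnetwork.vn>",
    "tuyendung@vnetvvork.vn", "tuyendung@vnetwork1.vn",
    '"tuyendung@vnetwork.vn" <hr@mail-service.example>',
]
RESULTS = {header: classify(header) for header in SAMPLES}
```

A "trusted" result only means the domain string matches. The From header itself can be forged, so this check complements the SPF, DKIM and DMARC results rather than replacing them.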

4. Emails with many spelling and grammar errors
Phishing emails are often not carefully crafted, so they contain numerous spelling and grammar errors or awkward sentence structures. In contrast, emails from reputable businesses are typically written carefully and professionally.
If you receive an email with many spelling mistakes or strange phrasing, be suspicious. However, note that some fake emails may be written very professionally, so this is not the only sign to evaluate.
5. Legitimate companies do not force you to visit their website
Emails with links that require you to click to provide information are almost certainly phishing emails. You should not click on any links.
However, hackers are becoming increasingly sophisticated, creating hidden links throughout the email. Even if you avoid the visible link, accidentally clicking anywhere else in the email may still open a malicious link. Therefore, check carefully to minimize the risk of being attacked. It’s best not to open an email if you feel doubtful.
6. Legitimate companies do not send attachments
If you receive an email from a service or business you have never registered for or used, it is highly likely a fake email. Hackers often send mass emails to collected email lists, impersonating popular services like Netflix, Amazon, or PayPal.
Legitimate companies typically do not send attachments in emails and instead direct you to their official website to find and download files.
Therefore, be cautious with emails containing attachments that require downloading, especially files with formats like .zip, .exe, or .scr. It’s best to contact the legitimate company that you suspect the hackers are impersonating.
7. Links from legitimate companies match their legitimate URL
Compare the link included in the email with the URL of the service or company you use to confirm whether it is a phishing email.
In phishing emails, the actual URL often differs from the link shown or has no connection to the email’s content, which is a sign that you will be led into a trap if you click the link.
Ensure the URL starts with https://.
What to do when receiving a fake email?
If you suspect an email is a scam, take the following steps:
- Delete the email immediately: Do not reply or provide any information.
- Do not click on links: Links may lead to fake websites or install malware.
- Do not call the phone number in the email: Use the official phone number from the company’s website.
- Report the phishing email: In Gmail, click “More” and select “Report phishing” (Gmail Help).
- Use verification tools: Phishing check or web check tools can help verify the safety of the email or link.
EG-Platform prevents email attacks
Phishing emails have various purposes, such as stealing bank account information, extorting sensitive information, or activating malware for remote control and attacking corporate networks. The damage from fake email attacks is significant for both individuals and businesses. Therefore, being cautious with received emails is always a concern for everyone.
To thoroughly address fake email attacks, businesses today are increasingly adopting intelligent email filtering technology using Artificial Intelligence from EG-Platform—a leading email security solution certified by Gartner and Rapid7.