How to Identify a Phishing Email

By Todd Miller, Information Security Officer  

The most successful email phishing scams often appear to come from someone you know or do business with. This form of impersonation is common in recent phishing attacks. An example of this is a package tracking email that appears to be real. How can you tell a legitimate email from a phishing scam? Here are some tips:

  • If any email asks you to confirm personal information, it should always be suspect. We will never ask you for personal information via email, nor should any financial institution.
  • If you know the person sending the email, double check the name in the “From” line of the email to ensure the email address matches what you know, and is not just “similar” to an address you know.
  • Before clicking a link in an email, hover over the link with your cursor and be sure that the pop up link matches the named link in the email. If it doesn’t, that should be a flag.
  • Urgency and threats of closing accounts, etc. are common methods used by scammers to elicit a quick and thoughtless response. Don’t fall for it. Do your own research into the issue. Call us or log into Online Banking to see if there is fraudulent activity.
  • Incorrect spelling and grammar are another flag. Double check for errors in the body of the text, and misspelled business names, email addresses, and domain names.
  • Lastly, an email from a government agency is a red flag. Almost all initial contact from any government agency will be through regular mail.

If any of these flags are present, contact the company or individual through a known or published number to verify the email is legitimate before opening. You can also test links by verifying company websites with a quick Google search.