top of page

How To Spot Phishing

What Is Phishing?

Phishing is an online attempt to gain sensitive information (login info, credit card details, money, etc.). Criminals use malicious email to gain access to your personal and financial information, as well as sensitive business information and resources. They also use these to infect computers with ransomware. Malicious email often uses urgent language, asks for personal information, and has grammatical, typographical, or other obvious errors.

Phone calls can also be used for fraudulent purposes. See Phone Scams and Voice Phishing (Vishing) for more tips on avoiding phone phishing. 

How to Avoid Getting Caught in the Phishing Net:

  1. Always be suspicious of high emotion emails  Phishing emails bait the hook with our emotions to get in the way of our common sense.   Anything that targets a fear/panic response (like warnings of stolen information), tickles your curiosity, incites excitement (like "You've won!), and usually offer a "Click Here" option for a quick convenient solution.  When in doubt, don't.

  2. Check for spelling and grammar mistakes  Emails that are swimming upstream are usually from outside the US and are riddled with spelling mistakes, bad grammar and phrases Americans usually do not use.

  3. Look but don't bite  Hover your mouse over any links embedded in the body of the email (see example below).  If the link address looks weird, don't click on it.  

  4. Check out the signature  Lack of details about the signer or how you can contact the company strongly suggests a phish.  Legitimate businesses always provide contact details.

  5. Don't give up personal information  Legitimate banks and most other companies will never ask for personal credentials via email. 

  6. Don't trust the display name  This fraudulent email, once delivered, appears to be from a legitimate company because most user inboxes only present the display name.  Don't trust the display name.  Check the email address in the header From: - if it looks suspicious, don't open the email.  

Example:  Display name is AIG Direct, but the domain name refers to the email server and does not match the company it claims to come from. 

Example of a suspicious email 

Clues that indicate this email is fraudulent:

  1. It directs you to a non-business website (URL - the webpage address). Hover your mouse over the link to see the actual address you'll be directed to. In this case, the URL (webpage address) is clearly not a legitimate amazon web-page. Don't click the link if it looks wrong to you. (This screenshot does not show that the URL appears in the lower left corner of the window. Different email programs may show the URL in different locations.)

  2. It asks you to validate your account or it will expire.  Reputable companies will never ask you to validate or verify your account. 

  3. The "From" address is fake. Even though the message above looks it came from an Amazon address, it didn't. Beware, though, because criminals can forge the "From" addresses and actually hack into an emails. If it looks suspicious, make a phone call!

Still Have Doubts?

If you aren't sure, contact the Runbiz Service Portal.

If You Get Caught

If you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.

  1. Change your password and follow the instructions at What to Do if Your Account May Be Compromised.

  2. Carefully review any online account that became vulnerable as a result of responding to the message.

bottom of page