Top 3 Tips for Identifying a Phishing Email

Phishing messages are messages (typically email) that claim to be from a legitimate source such as a well known bank, financial institution or service provider.

Unfortunately, the reality is that many services do send out email relating to account changes and security notices, so it’s not practical (or a good idea) to just ignore these messages. Just follow these three easy tips to identifying phishing attempts and you’ll save yourself the heartache of having your system compromised or your identity stolen.

1) Suspicious links

Regardless of the type of potential phishing email you’re looking at, they will almost always be linking to a suspicious URL.

NEVER CLICK ON THESE LINKS, they usually lead to a site that attempts to install malicious software on your system.

There are two ways you can look at a URL without clicking on it:

  • The first is to hover your mouse pointer over the link and leave it there for a few seconds. In most mail clients you will see a tooltip showing the destination URL.
  • The second method is to view the HTML (or raw, or source view) of the message. You can then see the real destination links.

2) Viewing email headers

Email headers are the underlying technical details mail servers and mail clients use to define and deliver messages. The email headers are also usually a good give away to the real source of a message. This method is a little more tricky, however knowing how to read email headers is a useful skill since it gives you a greater insight into how email actually works behind the scene.

You’re essentially looking for any clues as to the real sender of the email. Although it is possible for some large providers to have dedicated email domains ( for example), the vast majority of the time legitimate email should come from a company domain. For instance, an email asking you to update your password for ACME bank should come from If it’s being sent from a strange email address such as or, that should ring some alarm bells.

You can also look at the country of origin to see it’s a country you usually get email from. Tools such as (for DNS information) and (for information on country codes) are useful for this.

3) Sense of urgency

Most phishing attempts write about a sense of urgency in clicking a link to complete some sort of action. If your account is ever is compromised and you get email notification of this, we recommend logging a ticket on that company’s website or preferably calling the tech support line.

The same applies to phone calls. If you get a call from someone claiming to be your bank, it’s important not to disclose any personal information. They called you so they should have all of your details without needed to ask you. If ever in doubt, we suggest to thank the caller for contacting you and say that you will call them right back via the banks direct phone number. That way you can verify your speaking with a legitimate employee.

In summary, anyone can quickly and easily tell if a message is a phishing attempt regardless of how legitimate it looks. Any account that is linked to online finance, online shopping or webmail/social networks should be subject to scrutiny. Ideally, you should apply these three easy tips to all email you receive before you click on any links. It’s better to be safe than sorry.

A good email provider and/or anti virus package can also help a great deal with phishing email. Make sure you know how to use these systems to their fullest advantage.

UPDATE: I’ve been asked what the difference is between opening/viewing a message vs clicking on a link, generally the act of simply viewing a message is safe, the main danger lies in clicking on links masquerading as a legitimate URL. And of course attachments from unknown sources should always be treated with extreme caution.