Learn
5 Tips For Spotting a Phishing Email
Scammers have no shortage of tricks they'll use to try to get your money, steal your information, or gain access to your email account. One set of strategies is called phishing, a clever play on words to describe the act of virtually fishing for a victim.
Unfortunately, phishing attempts are on the rise. One report shows a 47.2% increase in phishing attacks in 2022 compared to the previous year, attributed to cybercriminals using more sophisticated techniques for large-scale attacks.1 And with increasing numbers of people working from home, experts suggest phishing attempts will continue to rise.2
While scammers are getting more creative, these tips can help you weed out a legitimate email from a phishing attempt — whether it's in your personal inbox or your professional one.
Did you know? Scammers try to appeal to your emotional side by spoofing the name of a person or company you know so that you feel a sense of trust.
1. Look at the Sender's Email Address
If an email you receive seems suspicious, the first place to look is at the top of the page, where you'll find the sender's email address. Most scammers attempt to closely mirror a known email address to trick you into thinking you're getting that email from a trusted source. However, there will typically be subtle differences.
For example, your financial institution usually sends customer emails from “customerservice@bankname.com." A spammer may mimic an official email address by adding to the web address or by changing the name of the sender, such as “customerservice@bankname.admin.com" or "adminservice@bankname.home.com."
While you should never click on links or attachments if the email address itself is suspicious, don't assume you can always trust every email coming from a known email address — even if it's from someone you trust. Hackers can gain access to someone's email account and then send you an email from that account. That's why you need to be alert to other hints of fraud as well.
2. Pay Attention to the Greeting
The email's greeting can also be a tip off. See if it matches greetings you've received from the same company or person in the past. For example, any colleagues or companies you do business already know your name and would address an email to you by your name. Greetings like “Dear sir/madam" or “Dear valued customer" can be a giveaway that it's a scammer. If your name is misspelled, that's another red flag.
3. Dust Off Your Proofreading Skills
Typically, phishing emails contain at least one — and sometimes several — spelling and grammar mistakes. In some cases, those errors could be intentional, as a way to get past your email server's spam filter. In other cases, the email may have been translated from another language, leading to errors in common terms and sentence structure. Whatever the case may be, catching those errors — and not clicking on anything in the email — can keep you and your inbox safe.
It is important to stay alert, however, regardless of an email's content. As AI evolves, spotting phishing emails based on typos becomes more challenging, since AI can generate nearly flawless messages in multiple languages, mimicking native speakers.3
4. Hover Before You Click
As a rule, make a point to never click on hyperlinks in any email without examining them first. Simply hover your mouse pointer over the hyperlink to reveal what web address the link is directing to. Often, this can be an easy way to spot a phishing attempt since scammers rely on fake websites. Look for these clues:4
- Hovering over links reveals mismatched URLs, suggesting spoofing.
- Cybercriminals may use URL shorteners to conceal the true link destination.
- Malicious sites often mimic legitimate ones but have slight URL variations (e.g., spelling, domain differences like .com vs. .net).
For example, “yourbankname.com" is more trustworthy than “your1bank2name3.com," but you should also be on the look out for more subtle differences like "yourbankname.com.net."
With more people working from home and phishing on the rise, be careful too if you receive a link that seems to be coming from a colleague's email address. It's not impossible that their email was hacked. If you weren't expecting the link and there's no specific context about why they sent it, confirm with the supposed sender that they intended to send you the link.
5. Be Wary of Attachments
Attachments are a common phishing tool. They're designed to pique your curiosity and make you rush to open them. Be careful with any attachments you receive, including ones to cloud storage sites like Dropbox and Google Docs. Before clicking any attachment, ask yourself if the sender would likely send that to you. For example, if you suddenly receive an email from a colleague who never emails you and the email asks you to download an attachment, that's a red flag.
Another potential red flag: You receive an unexpected attachment from a colleague or a person you do business with, but it's lacking specific context that explains why they are sending it to you. If you have any doubts, call, text, or email the supposed sender to confirm that they did, in fact, send the attachment.
If you think an email you received might be a phishing attempt, don't click any links, don't download any attachments, and don't reply. Instead, call the company or person who sent you the email directly. If you find that the email isn't legit, report it as a phishing attempt to your email provider. Most providers give you the option to report phishing attempts directly from the suspicious email. If you're not familiar with your provider's protocol, an Internet search for your email provider plus "report phishing" is a good way to find instructions.
What to Expect From Your Bank
It's important to know that your bank will never ask you to share personal or private information by email. For example, while Synovus does send emails occasionally with content about our products and services, we never ask our customers to share any sensitive information by email.
If you receive an email from your bank that asks you to share any confidential information, such as your bank account number or Social Security number — or if the email provides a link where you should update your bank account number or Social Security number — don't click on it. It's likely a phishing attempt. Instead, call your bank directly or access your account online through your bank's secure website. And be sure to report that phishing attempt to your bank.
Enroll in Credit and Identity Protection Services
As a Synovus Plus, Synovus Inspire, or Synovus Private Wealth customer, you can enroll in complimentary Credit and Identity Protection services. With this service, Synovus will monitor your credit reports and notify you any time any changes are made. Synovus will also scan the web to make sure your personal information hasn't been compromised by checking websites, blogs and peer-to-peer networks. Synovus also offers full-service identity restoration if you become a victim of identity theft.
Want to know more about how you can achieve peace of mind as a Synovus customer? Learn more.
Important disclosure information
- ZScaler, "2023 Phishing Report Reveals 47.2% Surge in Phishing Attacks Last Year," April 18, 2023. Accessed August 19, 2024. Back
- SN Computer Science (National Library of Medicine), "How Good Are We at Detecting a Phishing Attack? Investigating the Evolving Phishing Attack Email and Why It Continues to Successfully Deceive Society," February 23, 2022. Accessed August 19, 2024. Back
- Coalition, "How Artificial Intelligence Levels Up Email Phishing," May 11, 2023. Accessed August 19, 2024. Back
- Cybersecurity & Infrastructure Security Agency, "Avoiding Social Engineering and Phishing Attacks," updated February 1, 2021. Accessed August 19, 2024. Back
People are also reading
Do you have questions or ideas?
Share your thoughts about this article or suggest a topic for a new one