
How to Spot a Phishing Email

28 April 2020

What is a Phishing Email?

Phishing emails are a common form of social engineering used by cybercriminals to trick you into handing over personal information about yourself or sensitive information about your company. These phishing emails are designed to look like legitimate emails from a business or colleague, but in fact they are from bad actors trying to get you to perform an action such as clicking a link, giving away your password or downloading an attachment that infects your computer with a virus, malware or even ransomware.

5 Ways to Identify a Phishing Email

Despite posing and looking like a legitimate email, there are always a few key giveaways that a trained eye can spot to help identify a phishing email.

1. Personal Information

A phishing email will ask for personal information, requiring you to go to a website, reply to the email or otherwise respond to an email by providing this personal information. Anytime an email asks you for personal information, this should immediately raise suspicion.


2. Poor Grammar

Keep an eye out for spelling errors or poor grammar in an email. If an email sounds stilted or uses odd phrasing, this should raise a red flag. Legitimate emails come from marketing departments trained in communication.

Does the email address you by name or in a generic way, such as Dear Customer or Account Holder? Legitimate emails will often address you by your name.


3. Suspicious Attachments

If you receive an email from a company or person with an attachment, the threat level should immediately be raised to high, especially if the email came out of the blue. This attachment is likely to be a malicious trojan virus that will attempt to install malware or ransomware on your computer.


4. Panic Content

Many phishing emails require you to take immediate action. These emails are trying to get you to act rapidly instead of rationally. This tactic increases the cybercriminal's chances of duping the victim.

5. Call to Action

In order for a phishing email to work, you must respond to the email and perform the steps laid out by the bad actor. "Restore your account", "protect your security" and "update your password" are all common "Calls to Action" that a bad actor might use to deceive their victim. If an email contains a "Call to Action" asking you to immediately respond to the email, it should raise a flag.
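The indicators above can also be checked mechanically when triaging a reported message. The following is an added example, not part of the original article: it parses a raw email and reports which of the indicators it matches, using the generic greeting as a stand-in for section 2 (spelling and grammar are not checked). The keyword lists, the function name and both sample messages are constructed assumptions, not a vetted ruleset.

```python
import re
from email import message_from_string

# Illustrative keyword lists (assumptions), one per indicator in the article.
INDICATORS = {
    "personal_information": re.compile(r"\b(password|social security|account number|date of birth)\b", re.I),
    "generic_greeting": re.compile(r"^\s*dear\s+(customer|account holder|user|member)\b", re.I | re.M),
    "panic_content": re.compile(r"\b(immediately|urgent|within 24 hours|suspended|final notice)\b", re.I),
    "call_to_action": re.compile(r"\b(restore your account|protect your security|update your password|reply to this email)\b", re.I),
}

def indicators(raw):
    """Return the sorted names of the indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    text_parts, hits = [msg.get("Subject", "")], set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            # Any named attachment is flagged; the file is never opened.
            hits.add("suspicious_attachment")
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            text_parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    text = "\n".join(text_parts)
    hits.update(name for name, rx in INDICATORS.items() if rx.search(text))
    return sorted(hits)

# Constructed sample messages (not real mail).
SAMPLE = """\
From: "Support" <support@example.test>
Subject: Urgent: your account is suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear Customer,
Update your password immediately and reply to this email with your account number.
--b1
Content-Disposition: attachment; filename="invoice.zip"

AAAA
--b1--
"""
BENIGN = "From: alex@example.test\nSubject: Meeting notes\n\nHi Sam,\nNotes from Tuesday are on the shared drive.\n"
```

A match is a reason to look closer and verify with the sender, not a verdict; legitimate mail can trip these keywords and a careful phish can avoid them.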


What Should You Do if You Have Received a Phishing Email?

  1. Don't panic.
  2. Don't click on any links or attachments.
  3. Check with the alleged sender by picking up the phone and calling them.
  4. Report the email to your company.
  5. Mark the sender as junk or spam.
  6. Delete the email.
About The Author
Lars Daniel
Practice Leader

Lars Daniel is a Practice Leader in the Digital Forensics Division, and holds 7 different certifications. He has provided forensic services to more than 600 criminal and civil cases, and appeared as an expert court witness for nearly 30 of those. He has co-authored two books: Digital Forensics for Legal Professionals, and Digital Forensics Trial Graphics: Teaching the Jury through Effective Use of Visuals, spoken at numerous industry conferences, and provides training throughout the U.S.
