Identifying Phishing Emails

September 26, 2018

When a scammer uses fraudulent emails, texts, or copycat websites to get you to share your personal information, it’s called phishing. If targets don’t recognize the attempt, they can share sensitive information such as login names and passwords. Phishing attempts are sneaky, so it’s important to be able to spot a possible scam.

Example 1

Subject: Low Cost Dream Vacation loans!!!

We understand that money can be tight and you may not be able to afford to go on vacation this year. However, we have a solution. My company, World Bank and Trust is willing to offer low cost loans to get your through the vacation season. Interest rates are as low at 3% for 2 years. If you are interested in getting a loan, please fill out the attached contact form and send it back to us. We contact you within 2 days to arrange a deposit into your checking account.

Please email your completed form to

Your dream vacation is just a few clicks away!

Dr. Stephen Strange
World Bank and Trust
177a Bleecker Street, New York, NY10012

What did you notice in this example? One thing that might jump out is the grammatical errors – these are quite common in phishing messages. Another giveaway is that the offer sounds too good to be true. Finally, if you hover your cursor over the email address, you’ll see the destination is different from the address shown. The real destination is likely the scammer’s email address.

Example 2

Subject: Free Amazon Gift Card!!!

Dear Sally,

You name has been randomly selected to win a $1000 Amazon gift card. In order to collect you prize, you need to log in with your Amazon account at the link below and update your contact information so we can put your prize in the mail. This is a limited time offer, so please respond to the request within 2 business days. Failure to respond will forfeit your prize and we will select another winner.

In addition to another offer that seems to be too good to be true, you can see that “Amazon” is misspelled in the link. (It’s common for scammers to use similar-looking characters in URLs. In this case, the link is actually directed to our homepage.) In a real phishing attack, the page would look similar to an Amazon page with a form to capture your information.

Example 3

Subject: Urgent – Take Action Before Your Email Account is Deactivated

Dear User,

Following changes to our Microsoft email systems, each user must authenticate their account to prevent it from being deactivated. You can accomplish this by heading to the link below and entering your Microsoft Outlook email account credentials, and then we will know your account is active and should remain so.

Thank you,
Information Technology
Helpdesk Support Team

There aren’t as many obvious errors in this message, but if you hover your mouse over the link, you’ll see that it actually leads to a different address. In addition, the sense of urgency is meant to cloud your judgement. If you were to receive a message like this, check with your email provider – NOT using the link provided in the email – to see if it’s legitimate.

As these examples show, there are some basic recommendations to help protect you from becoming a phishing victim:

  • If it seems too good to be true, it probably is.
  • Hover your cursor over links in messages to find out where the link really goes.
  • Check the address carefully for similar, but wrong, characters (e.g., "1" instead of "l").
  • Look for misspellings and poor grammar, which are frequently used in fraudulent messages.
  • Never respond to an email requesting personal information (e.g., Social Security number, username/password).
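
The hover check and the look-alike character check from the list above can also be run automatically over a message's HTML body. This is an added Python example, not part of the original article; the brand list, the substitution pairs and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed for this example: assumed brand list, sample look-alike pairs, message body.
BRANDS = {"amazon": "amazon.com", "microsoft": "microsoft.com"}
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))
SAMPLE = ('<a href="https://mail-check.example/login">account.microsoft.com</a> '
          '<a href="https://amaz0n.example/prize">Claim your gift card</a>')

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Host of a URL, mailto: address or bare domain; '' if value is not one."""
    value = value.strip().lower().removeprefix("mailto:")
    if len(value.split()) != 1:  # empty, or ordinary words such as "Click here"
        return ""
    try:
        host = urlparse(value if "://" in value else "//" + value).hostname or ""
    except ValueError:  # malformed value, e.g. an unbalanced "["
        return ""
    return host.removeprefix("www.")

def check_links(html):
    """Return (href, reason) for each suspicious link; subdomains count as a match."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        actual, shown = host_of(href), host_of(text)
        if "." in shown and not ("." + actual).endswith("." + shown):
            findings.append((href, f"text shows {shown}, link goes to {actual}"))
        for label in actual.split("."):
            for fake, real in LOOKALIKES:
                label = label.replace(fake, real)
            if label in BRANDS and not ("." + actual).endswith("." + BRANDS[label]):
                findings.append((href, f"{actual} imitates {BRANDS[label]}"))
    return findings
```

Calling `check_links(SAMPLE)` reports both constructed links: the first for showing one address while pointing to another, the second for a "0" standing in for "o".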

The views, information, or opinions expressed in this article are solely those of the author and do not necessarily represent the views of Citizens State Bank and its affiliates, and Citizens State Bank is not responsible for and does not verify the accuracy of any information contained in this article or items hyperlinked within. This is for informational purposes and is in no way intended to provide legal advice.