How to Determine if a Message is Phishing

Phishing is the practice of tricking a user into giving up information that would otherwise be unknown to the attacker. A typical example involves a password reset, or a request for account information of some kind. It can also be used to trick a user into clicking a link, which then takes the user to a malicious web site. This often ends with spyware on the machine, and it never ends with anything positive. Below are ten examples of spam, phishing, or legitimate messages with a short explanation of why they are suspicious or not. If you look at three things, 1) the from NAME, 2) the from ADDRESS, and 3) the links in the message, you will have much better odds of avoiding any malicious activity that arrives by email.

Example 1

The example below is really good. At first glance it looks like I received a message from LinkedIn. Notice the "Click to follow link" box in the middle of the screen. That is the message that pops up when you hover over a link in email. You would expect the link to go to linkedin.com, but it instead points to cp990.perso.sfr.fr. Wait. What? I don't know Elspeth Patterson, and I don't recognize sfr.fr. I'll delete this message.

Example 2

This example is a regular spam message that probably should have been filtered but wasn't for some reason. The from address shows as coming from advancearladder.com, and the link to get a better figure DOES match that domain. So the next questions we have to ask ourselves are 1) do we want a better figure, 2) do we recognize advancearladder.com, and 3) does advancearladder.com match the content of this message. Question 3 might be the most important. If this message were from convertFatCellsIntoEnergy.com it might be more believable. Delete this message.

Example 3

This example isn't actually phishing or spam. It's a legitimate email to a list that I may or may not be a member of. We know this is legitimate because the from address shows @sba.gov, which I DO recognize, and I've confirmed that the link at the bottom of the message points to sba.gov. I know this because I pause and hover over the link before clicking it. This message is safe to read and to click.

Example 4

This example at first glance is just spam. Again, look at the three key areas. The from name and address don't quite match in this case: the name is Gary Grant, but the address starts with credt@. Next look at the link, which does match the from domain but doesn't match anything I recognize, and doesn't seem to be related to my credit rating. Delete this message.

Example 5

This message again is spam. The from name is EmailMarketing, and the address is bron@dolrint.co.uk. The domain is a red flag. Even though the link does match the domain, we don't trust it and should delete this message.

Example 6

We don’t have to look much further than the from name and address on this message. The name is Skinny Lifestyle, and the address is techlotteryusa.com. Delete this message.

Example 7

In this example the name is Fidelity Life Insurance, but the address ends in .co.uk. This is a red flag. The link does match the domain, but I know that Fidelity would use a .com, and I don't trust this message.

Example 8

This is a legitimate message from Ameritrade. The from name and the from address both match what I expect. I recognize the name, the email address, and the subject, AND the content matches those fields.

Example 9

This example is a hacked yahoo.com account. The link is a .ir and not a .com, which is suspicious. Although I recognize the from name and address, the link is suspicious, and the message contains only the link with no other text.

Example 10

This example has a combination of issues. First, the from address is hereteach.co.uk, which I don't recognize. Second, the from name is First Premier Bank, with Premier in all caps, and this doesn't match the email address. Third, although the link in the email matches the domain name in the from address, it has nothing at all to do with First Premier Bank. Delete this message.
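The three checks the examples above keep coming back to (from NAME, from ADDRESS, and where each link really points) can be run mechanically. The script below is an added example, not code from the original article; the message it parses is constructed to mirror Example 1, and the domain-trimming helper is a deliberate simplification rather than a real public-suffix lookup.

```python
# Added example, not from the original article: the three checks it describes
# applied to a constructed message modelled on Example 1 (single-part HTML body).
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: looks like LinkedIn, but the link leaves for sfr.fr.
SAMPLE = """From: LinkedIn <invitations@linkedin.com>
Content-Type: text/html

<p>Click to follow: <a href="http://cp990.perso.sfr.fr/login">linkedin.com</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, anchor text) pairs: the two things a hover reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href:
            self.links.append((self._href, data.strip()))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def registrable(host):
    """Crude last-two-labels domain (cp990.perso.sfr.fr -> sfr.fr); not a public-suffix lookup."""
    return ".".join(host.lower().split(".")[-2:])

def check_message(raw):
    """Return warnings from the three checks; an empty list means nothing looked off."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.split("@")[-1]) if "@" in addr else ""
    warnings = []
    # Checks 1 and 2: the display NAME should line up with the ADDRESS domain.
    if name and sender and name.lower().replace(" ", "") not in sender:
        warnings.append(f"from name '{name}' does not match from domain '{sender}'")
    # Check 3: every link should point where the sender and its own text claim.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target = registrable(urlparse(href).hostname or "")
        if target != sender:
            warnings.append(f"link goes to '{target}', not sender domain '{sender}'")
        if "." in text and registrable(text) != target:
            warnings.append(f"link text '{text}' hides target '{target}'")
    return warnings
```

Running check_message(SAMPLE) flags both that the link leaves the sender's domain and that its visible text claims a different destination, which is exactly the hover-box mismatch described in Example 1.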