How to Recognize and Report Phishing Emails
Phishing emails are a common tactic used by attackers to steal sensitive information or spread malware. Follow this guide to identify and report phishing emails effectively.
What is a Phishing Email?
A phishing email is a fraudulent message that appears to be from a trusted source, such as your bank, employer, or a familiar service, but is designed to trick you into providing sensitive information, clicking on malicious links, or downloading harmful attachments.
How to Recognize a Phishing Email
Look for Suspicious Sender Information:
- Check the sender’s email address carefully. Phishing emails often come from addresses that look similar to legitimate ones but may contain misspellings or extra characters (e.g.,
support@amzon.cominstead ofsupport@amazon.com).
- Check the sender’s email address carefully. Phishing emails often come from addresses that look similar to legitimate ones but may contain misspellings or extra characters (e.g.,
Watch for Generic Greetings:
- Phishing emails often use generic terms like "Dear Customer" instead of addressing you by name.
- Phishing emails often use generic terms like "Dear Customer" instead of addressing you by name.
Inspect Links Before Clicking:
- Hover over links to see the destination URL. If it looks suspicious or doesn’t match the sender's website, don’t click.
- Hover over links to see the destination URL. If it looks suspicious or doesn’t match the sender's website, don’t click.
Beware of Urgent or Threatening Language:
- Phrases like "Your account will be suspended" or "Act immediately to avoid a penalty" are red flags designed to create panic.
- Phrases like "Your account will be suspended" or "Act immediately to avoid a penalty" are red flags designed to create panic.
Check for Grammatical Errors:
- Many phishing emails contain poor spelling, grammar, or awkward phrasing.
- Many phishing emails contain poor spelling, grammar, or awkward phrasing.
Verify Unexpected Attachments:
- Do not open attachments you weren’t expecting, especially if they have unusual file extensions like
.exe,.zip, or.js.
- Do not open attachments you weren’t expecting, especially if they have unusual file extensions like
Examine Requests for Personal Information:
- Legitimate organizations will never ask for sensitive information like passwords, Social Security numbers, or credit card details via email.
Steps to Report a Phishing Email
Do Not Interact with the Email:
- Avoid clicking any links, downloading attachments, or replying to the sender.
Report to Your IT Department:
- Forward the suspicious email to support@trucare.org.
- Forward the suspicious email to support@trucare.org.
Mark as Phishing in Your Email Client:
- Most email platforms allow you to report phishing emails:
- Outlook: Right-click the email, select Report phishing.
- Outlook: Right-click the email, select Report phishing.
- Most email platforms allow you to report phishing emails:
Delete the Email:
- Once reported, delete the email from your inbox and your trash folder.
What Happens After Reporting?
Your IT team will:
- Analyze the email for threats.
- Take action to block similar phishing attempts.
- Inform other users if the email is part of a larger phishing campaign.