What are phishing email red flags?

What to look for to avoid giving away sensitive information.

Know these seven phishing email red flags. Don’t let your team be tricked into giving away sensitive information or taking a dangerous action (such as clicking a link or opening an attachment). Phishing emails can look very legitimate, as if they came from someone internal.

Here’s what to look out for: 
  1. Subject line: If it seems irrelevant, doesn’t match the message content or is about something you never requested, it’s a red flag. 
  2. To line: If you were included on an email and don’t know the other people it was sent to, it’s a red flag.
  3. From line: If it comes from an unknown address, that’s an obvious red flag. It might also come from someone you know but seem out of character or unexpected, or use words or phrases that aren’t quite fitting. These are all red flags.
  4. Date: If it’s an email you would normally receive during business hours, but it came at 3 AM, red flag. 
  5. Attachments: Any attachment that isn’t expected is a red flag.
  6. Content of the email: Being asked to click on a link or open an attachment to avoid a negative consequence is a favourite trick of hackers – the higher the stakes or consequences mentioned, the more likely it’s fake. It may also be asking you to look at a compromising or embarrassing photo of yourself - anything that gives you a bad feeling, seems illogical, or makes you feel uncomfortable is a red flag.
  7. Hyperlinks: Look for spelling mistakes in links. If you hover over a link and the address that appears is different from the one displayed in the email, that’s a big red flag.
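
Three of these checks (date, attachments and hyperlinks) can be automated in a mail filter or triage script. The Python code below is an added example, not part of the original article; the 08:00 to 18:00 business-hours window, the function and class names, and the sample message are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

# Optional scheme and userinfo are skipped; group 1 is an ASCII host name.
HOST = re.compile(r"(?:[a-z][a-z0-9+.-]*://)?(?:[^/@\s]*@)?"
                  r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?=[:/?#]|$)", re.I)

def host(value):  # host of a URL or bare domain, or None if it is neither
    m = HOST.match(value.strip())
    return m.group(1).lower() if m else None

def red_flags(msg, work_hours=(8, 18)):
    """Check list items 4, 5 and 7; work_hours is an assumed local policy."""
    flags = []
    sent = msg["Date"].datetime if msg["Date"] else None
    if sent and not work_hours[0] <= sent.hour < work_hours[1]:
        flags.append(f"date: sent at {sent:%H:%M}")  # hour as stated by sender
    for part in msg.iter_attachments():
        flags.append(f"attachment: {part.get_filename()}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown, actual = host(text), host(href)
            if shown and actual and shown != actual:
                flags.append(f"link: shows {shown}, goes to {actual}")
    return flags

# Constructed sample message (not real mail): 3 AM, attachment, deceptive link.
SAMPLE = EmailMessage()
SAMPLE["Date"] = "Tue, 05 Mar 2024 03:07:00 +0000"
SAMPLE.set_content('<a href="http://login.example.net/reset">www.example.com/account</a>', subtype="html")
SAMPLE.add_attachment(b"constructed", maintype="application", subtype="zip", filename="invoice.zip")
```

Calling `red_flags(SAMPLE)` returns one entry per flag found. A link whose visible text is not itself an address (for example "Help") is skipped, since there is nothing to compare the real destination against.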