How to spot a phishing email
And how to protect yourself from future attacks
Hackers are becoming more sophisticated, and it can be difficult to distinguish a legitimate email from a fake one, especially if it comes from a person you know. Phishing scams usually start with a random sender, but once you click the link in the email and your account is compromised, the hacker will log into your account and send the email, as you, to everyone on your contacts list.
Many times the email looks legitimate because it is disguised as someone sharing a Google Doc with you or sending you a survey to take. In other cases, it may use a link that appears to go to a legitimate web address but actually goes to a different location than the one shown (like in the image above).
Above is a screenshot of an actual phishing scam that recently affected the district email system. While it appears to be potentially legitimate because of the styling of the button, take a look at an actual email Google would send you with a shared Google Doc below:
As you'll see, the original email had a lot missing. However, that's not to say that you'll never see a phishing scam that looks exactly like what a company like Google would send you; it can happen. After all, they did identically copy the "Open in Docs" button.
While simply looking at the email and seeing that something looks phishy (ha, see what I did there!?) is usually a great first indicator, the best way to tell if an email is legitimate or not is by inspecting the actual links within the email.
It's important to note that simply opening an email containing a phishing scam does not mean your account is immediately infected. You have to physically click a button or link and (usually) enter some kind of information or give permission to something in order for your account to be compromised.
How to inspect the links of an email for legitimate URLs
This is actually simpler than you'd think!
If you're on a desktop or laptop computer...
Hover your mouse over the button or link and look in the bottom left-hand corner of your browser's page. The URL of the link will display here. In the real example above, hovering over the button shows the following URL on the bottom left of the screen:
If your browser doesn't support this feature, you can alternatively right-click the link and select "Copy Link Address" (this title may be different depending on your browser) and then paste it into a text editor to check where you're navigating to:
If you're on a mobile device...
Place your finger over the link and long-hold until a popup opens. On Android, this will display the link's truncated URL and give you the ability to copy it, so you can paste it somewhere else to view the entire address. The function is very similar on iOS devices:
In both of these instances, you're inspecting the address to see if it looks legitimate. The URL should go to a web address you recognize. In this case, the URL starts with google.com, a website we recognize and trust.
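The same inspection can be automated for a whole HTML email body. The script below is an added example, not part of the original article: it lists each link's real destination host and flags links whose destination is not a trusted domain or whose visible text shows a different host than the link itself. It assumes a trusted list containing only google.com, uses constructed sample links on reserved .example hosts, and the names host_of, is_trusted, LinkCollector and inspect_links are hypothetical; it compares the full hostname because a look-alike host such as google.com.docs-share.example also starts with google.com.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"google.com"}  # assumption: the domains the reader recognizes and trusts
SAMPLE = (  # constructed email body; .example hosts are reserved placeholders
    '<a href="https://docs.google.com/document/d/EXAMPLE/edit">Open in Docs</a>'
    '<a href="https://google.com.docs-share.example/login">Open in Docs</a>'
    '<a href="https://login.phish.example/doc">https://docs.google.com/document/d/EXAMPLE</a>'
)

def host_of(url):
    """Lowercase hostname of a URL or of URL-looking link text ('' if none)."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse bare text like docs.google.com/x
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted(host, trusted=TRUSTED):
    """True only for a trusted domain or its subdomain, never a look-alike prefix."""
    return any(host == d or host.endswith("." + d) for d in trusted)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only link text is kept

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def inspect_links(html, trusted=TRUSTED):
    """Yield (visible text, real host, warnings) for each link in the body."""
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        real = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        checks = {"untrusted destination": not is_trusted(real, trusted),
                  "text shows a different host": bool(shown) and shown != real}
        yield text, real, [w for w, hit in checks.items() if hit]
```

Running `list(inspect_links(SAMPLE))` passes the first link and flags the other two, even though the second link's host begins with google.com and the third link's visible text is a genuine-looking Google Docs address.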