How To: Spot A Phishing Email

What Is Phishing?

Phishing is an online attempt to gain sensitive information (login info, credit card details, money, etc.). Criminals use malicious email to gain access to your personal and financial information, as well as sensitive business information and resources. They also use these to infect computers with ransomware. Malicious email often uses urgent language, asks for personal information, and has grammatical, typographical, or other obvious errors.

Phone calls can also be used for fraudulent purposes. See Phone Scams and Voice Phishing (Vishing) for more tips on avoiding phone phishing. 

Resources:  See Cofense: How to Spot a Phish  and Phishing and Social Media

How to Avoid Getting Caught in the Phishing Net:

• Always be suspicious of high emotion emails  Phishing emails bait the hook with our emotions to get in the way of our common sense.   Anything that targets a fear/panic response (like warnings of stolen information), tickles your curiosity, incites excitement (like "You've won!), and usually offer a "Click Here" option for a quick convenient solution.  When in doubt, don't.
• Check for spelling and grammar mistakes  Emails that are swimming upstream are usually from outside the US and are riddled with spelling mistakes, bad grammar and phrases Americans usually do not use.
• Look but don't nibble  Hover your mouse over any links embedded in the body of the email (see example below).  If the link address looks weird, don't click on it.  
• Don't click on attachments   Phisher-men may use harmful attachments that contain viruses or malware.  Malware can damage files on your computer, steal passwords or spy on you without your knowledge.  Don't open any attachments you weren't expecting.  When in doubt, call the person the email is supposedly from.
• Check out the signature  Lack of details about the signer or how you can contact the company strongly suggests a phish.  Legitimate businesses always provide contact details.
• Don't give up personal information  Legitimate banks and most other companies will never ask for personal credentials via email. 
• Don't trust the display name  This fraudulent email, once delivered, appears to be from a legitimate company because most user inboxes only present the display name.  Don't trust the display name.  Check the email address in the header From: - if it looks suspicious, don't open the email.  

Example:  Display name is AIG Direct, but the domain name refers to the email server and @rixoblalkangrill.com does not match the company it claims to come from. 

Examples of Emails that smell Phishy

Clues that indicate this email is fraudulent:

• It directs you to a non-business website (URL - the webpage address). Hover your mouse over the link to see the actual address you'll be directed to. In this case, the URL (webpage address) is clearly not a legitimate amazon web-page. Don't click the link if it looks wrong to you. (This screenshot does not show that the URL appears in the lower left corner of the window. Different email programs may show the URL in different locations.)
• It asks you to validate your account or it will expire.  Reputable companies will never ask you to validate or verify your account. 
• The "From" address is fake. Even though the message above looks it came from a Amazon address, it didn't. Beware, though, because criminals can forge the "From" addresses and actually hack into an emails. If it looks Phishy, make a phone call!

Still Have Doubts?

If you aren't sure, contact the Runbiz Service Portal.

Where to Report Phish

• Phishes that appear to impersonate a Runbiz address or service: Send the entire message—with full email headers if possible—to your service technician when you report the email on the Runbiz Service Portal.
    
• In the message you would like to report, click the down arrow next to the Reply arrow and select Show original.
• In the Original Message screen, click Download Original to download the page as a .txt file.
• Compose a new message, attach the file you downloaded, and send the new message and attachment when notifying the Runbiz Support Portal.
• If you use Google Mail, report the phish to Google by using the report phishing option.
• If you receive a phish impersonating another institution or business: If you receive a phish impersonating a bank, retailer, or other institution, please consider contacting them to let them know.  

If You Get Caught

If you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.

• Change your password and follow the instructions at What to Do if Your Account May Be Compromised.
• Carefully review any online account that became vulnerable as a result of responding to the message.