Information Technology Services (ITS)

The Anatomy of a Phishing Email

Published on: October 26, 2016

The Anatomy of a Phishing EmailLet’s start with the basics. This is a simple illustration of an anatomy of a phishing email, courtesy of Schweitzer Engineering Laboratories.

Some key tell-tale signs of a phishing email are:

  1. IT LOOKS GENUINE – Phishing emails are not always easy to spot as criminals have improved their skills by making emails look genuine by targeting users with content that may seem legitimate and relevant to their setting
  2. SENDER ADDRESS CAN BE SPOOFED – Just because it says that the email is from your boss, does not necessarily mean it is. This line can be easily spoofed to look like it came from one of your contacts.
  3. NOT EXPECTED – You are getting a surprise last minute urgent notice! That’s always a red flag.
  4. ODD OR DOESN’T MAKE SENSE – How can your Netflix account information be out of date when you do not even have a Netflix account? Always cross check if your email notices for services you use are going to the emails associated with your account. Now days, most people have multiple email accounts and often forget that they never signed up their Apple ID to their work email.
  5. OFTEN HAS SPELLING OR GRAMMATICAL ERRORS – This is the easiest one to spot. If you read past the urgency of the message and pay close attention to spelling gramatical (see? grammatical!) errors, you will be able to spot the bad emails quickly!
  6. CONTAINS LINKS OR ATTACHMENTS – Were you expecting an attachment? Don’t open it if you weren’t, also don’t click on links without scrutinizing the message first.
  7. INDICATES URGENCY – If you do not give us X by Y, your accounts will be suspended! Sound familiar? This type of urgency is common as it pushes the user to act quickly without second guessing. The reality is that most services, banks, etc will never communicate with you in this manner if something is in fact urgent.
  8. REPLY-TO ADDRESS IS DIFFERENT FROM SENDER ADDRESS – Pay attention to the reply-to field. Is it the same email as the sender? In phishing emails, it’s not always the case.
  9. LINKS DON’T MATCH THE TEXT OF THE LINK – The quickest way to check if the links match is to hover over them with your mouse without clicking. You will then see that “” actually leads to “”.  You can also verify any urgent issues that ask you to click on a link by simply typing in the URL yourself for that service and logging into your account to see if there are in fact any urgent messages there. Don’t click on the link in the email.

This week, we will cover more tips on how to prevent phishing attacks and highlight other online spheres where phishing is prevalent. Phishing is not exclusive to emails!Stay tuned for this final week of Cyber Security Awareness Month!

Follow the Campaign: